Commit 79aff5d4c8

* Partial move to ff 0.13
  It turns out the newly released k256 0.12 isn't on ff 0.13, preventing further work at this time.
* Update all crates to work on ff 0.13
  The provided curves still need to be expanded to fit the new API.
* Finish adding dalek-ff-group ff 0.13 constants
* Correct FieldElement::product definition
  Also stops exporting macros.
* Test most new parts of ff 0.13
* Additionally test ff-group-tests with BLS12-381 and the pasta curves
  We only tested curves from RustCrypto. Now we test a curve offered by zk-crypto, the group behind ff/group, and the pasta curves, which is by Zcash (though Zcash developers are also behind zk-crypto).
* Finish Ed448
  Fully specifies all constants, passes all tests in ff-group-tests, and finishes moving to ff-0.13.
* Add RustCrypto/elliptic-curves to allowed git repos
  Needed due to k256/p256 incorrectly defining product.
* Finish writing ff 0.13 tests
* Add additional comments to dalek
* Further comments
* Update ethereum-serai to ff 0.13
# Ciphersuite

Ciphersuites for elliptic curves premised on ff/group.

This library, except for the not recommended Ed448 ciphersuite, was audited by Cypher Stack in March 2023, culminating in commit 669d2dbffc1dafb82a09d9419ea182667115df06. Any subsequent changes have not undergone auditing.
## Secp256k1/P-256

Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto. Their `hash_to_F` is the IETF's hash to curve, yet applied to their scalar field.
## Ed25519/Ristretto

Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek. Their `hash_to_F` is the wide reduction of SHA2-512, as used in RFC-8032. This is also compliant with the draft RFC-RISTRETTO. The domain-separation tag is naively prefixed to the message.
## Ed448

Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited, incomplete Ed448 implementation, limited to its prime-order subgroup. Its `hash_to_F` is the wide reduction of SHAKE256, with a 114-byte output, as used in RFC-8032. The domain-separation tag is naively prefixed to the message.
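The three `hash_to_F` constructions described above (Secp256k1/P-256, Ed25519/Ristretto, Ed448), written out side by side as an added Python example. This is not code from the ciphersuite crate, dalek-ff-group, minimal-ed448 or k256/p256. The Ed25519 and Ed448 functions follow the README's description (wide reduction of SHA-512, or of a 114-byte SHAKE256 output, with the DST simply prepended); the secp256k1 function follows RFC 9380's expand_message_xmd/hash_to_field pattern with SHA-256 and L = 48, which is this example's assumption about the IETF parameters, not a statement of k256's exact code. The group orders are the standard constants; all DST and message values are constructed.

```python
import hashlib
import math

# Group orders (standard constants, written out so the example is self-contained).
ED25519_L = 2**252 + 27742317777372353535851937790883648493
ED448_L = 2**446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def hash_to_f_ed25519(dst: bytes, msg: bytes) -> int:
    """Ed25519/Ristretto hash_to_F as described above: SHA-512 over dst || msg,
    64-byte digest read little-endian (RFC 8032 style) and reduced mod l.
    The DST is naively prepended: no length or separator is encoded."""
    digest = hashlib.sha512(dst + msg).digest()
    return int.from_bytes(digest, "little") % ED25519_L


def hash_to_f_ed448(dst: bytes, msg: bytes) -> int:
    """Ed448 hash_to_F as described above: SHAKE256 over dst || msg with a
    114-byte output (RFC 8032 style), read little-endian and reduced mod L."""
    digest = hashlib.shake_256(dst + msg).digest(114)
    return int.from_bytes(digest, "little") % ED448_L


def expand_message_xmd(msg: bytes, dst: bytes, len_in_bytes: int,
                       hash_fn=hashlib.sha256) -> bytes:
    """RFC 9380 expand_message_xmd. The DST is length-suffixed (dst_prime),
    so the DST/message boundary is unambiguous, unlike naive prefixing."""
    b_in_bytes = hash_fn().digest_size   # 32 for SHA-256
    s_in_bytes = hash_fn().block_size    # 64 for SHA-256
    ell = math.ceil(len_in_bytes / b_in_bytes)
    if ell > 255 or len_in_bytes > 65535 or len(dst) > 255:
        raise ValueError("expand_message_xmd parameters out of range")
    dst_prime = dst + len(dst).to_bytes(1, "big")
    msg_prime = (b"\x00" * s_in_bytes + msg + len_in_bytes.to_bytes(2, "big")
                 + b"\x00" + dst_prime)
    b0 = hash_fn(msg_prime).digest()
    blocks = [hash_fn(b0 + b"\x01" + dst_prime).digest()]
    for i in range(2, ell + 1):
        mixed = bytes(x ^ y for x, y in zip(b0, blocks[-1]))
        blocks.append(hash_fn(mixed + i.to_bytes(1, "big") + dst_prime).digest())
    return b"".join(blocks)[:len_in_bytes]


def hash_to_f_secp256k1(dst: bytes, msg: bytes) -> int:
    """IETF hash_to_field applied to the secp256k1 scalar field (count = 1):
    expand to L = ceil((256 + 128) / 8) = 48 bytes, OS2IP (big-endian), reduce
    mod n. SHA-256 and L = 48 are this example's assumed parameters."""
    L = 48
    return int.from_bytes(expand_message_xmd(msg, dst, L), "big") % SECP256K1_N


def excess_bits(digest_len: int, order: int) -> int:
    """Bits by which the hash output exceeds the group order: the reason each
    construction above is a *wide* reduction (the modular bias is ~2^-excess)."""
    return digest_len * 8 - order.bit_length()
```

The naive prefixing used by the dalek and Ed448 ciphersuites means `(dst, msg)` pairs that concatenate to the same bytes, such as `(b"a", b"bc")` and `(b"ab", b"c")`, hash to the same scalar, whereas `expand_message_xmd` length-suffixes the DST and keeps them apart. When using those two ciphersuites, pick DSTs whose boundary cannot be shifted by caller-controlled message bytes.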