serai/crypto/ciphersuite
Luke Parker ac0f5e9b2d
3.1.2 Remove oversize DST handling for code present in elliptic-curve already
Adds a test to ensure that elliptic-curve does in fact handle this properly.
2023-02-23 00:52:13 -05:00
..
src 3.1.2 Remove oversize DST handling for code present in elliptic-curve already 2023-02-23 00:52:13 -05:00
Cargo.toml Add test vectors for Ciphersuite::hash_to_F 2022-12-25 02:50:10 -05:00
LICENSE Create a dedicated crate for the DKG (#141) 2022-10-29 03:54:42 -05:00
README.md Have transcripted versions specify their minor version pre-1.0 2022-12-27 00:49:31 -05:00

Ciphersuite

Ciphersuites for elliptic curves premised on ff/group.

Secp256k1/P-256

Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto.

Their hash_to_F is the IETF's hash to curve, yet applied to their scalar field.

Ed25519/Ristretto

Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek.

Their hash_to_F is the wide reduction of SHA2-512, as used in RFC-8032. This is also compliant with the draft RFC-RISTRETTO. The domain-separation tag is naively prefixed to the message.

Ed448

Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited Ed448 implementation, limited to its prime-order subgroup.

Its hash_to_F is the wide reduction of SHAKE256, with a 114-byte output, as used in RFC-8032. The domain-separation tag is naively prefixed to the message.