serai/crypto/ciphersuite
2023-03-07 02:29:59 -05:00
..
src 3.8.6 Correct transcript to scalar derivation 2023-03-02 10:04:18 -05:00
Cargo.toml Update Zeroize pin to ^1.5 from 1.5 2023-03-07 02:29:59 -05:00
LICENSE Create a dedicated crate for the DKG (#141) 2022-10-29 03:54:42 -05:00
README.md 3.5.2 Add more tests to ff-group-tests 2023-02-24 06:03:56 -05:00

Ciphersuite

Ciphersuites for elliptic curves premised on ff/group.

Secp256k1/P-256

Secp256k1 and P-256 are offered via k256 and p256, two libraries maintained by RustCrypto.

Their hash_to_F is the IETF's hash to curve, yet applied to their scalar field.

Ed25519/Ristretto

Ed25519/Ristretto are offered via dalek-ff-group, an ff/group wrapper around curve25519-dalek.

Their hash_to_F is the wide reduction of SHA2-512, as used in RFC-8032. This is also compliant with the draft RFC-RISTRETTO. The domain-separation tag is naively prefixed to the message.

Ed448

Ed448 is offered via minimal-ed448, an explicitly not recommended, unaudited, incomplete Ed448 implementation, limited to its prime-order subgroup.

Its hash_to_F is the wide reduction of SHAKE256, with a 114-byte output, as used in RFC-8032. The domain-separation tag is naively prefixed to the message.