subtle
Pure-Rust traits and utilities for constant-time cryptographic implementations.
While it might seem obvious to people familiar with this crate, I am actually confused about how to use this crate after just landing on it looking for a constant comparison...
aarch64 supports data-independent timing https://developer.arm.com/documentation/ddi0595/2020-12/AArch64-Registers/DIT--Data-Independent-Timing, which is also available on Apple silicon https://developer.apple.com/documentation/xcode/writing-arm64-code-for-apple-platforms#Enable-DIT-for-constant-time-cryptographic-operations. Would it be advantageous to make use of the feature in this crate?
While rare, sometimes it is convenient to use `CtOption` in hashmaps/sets. This PR suggests adding `Hash` to `CtOption` and `Choice` to allow that use case, see e.g. [`crypto-bigint::Checked`](https://github.com/RustCrypto/crypto-bigint/blob/master/src/checked.rs#L15). It also...
To resolve #94, removes the `Copy` supertrait bound on `ConditionallySelectable`, replacing it with `Sized` instead. It turns out the bound is only used in the default implementation of `ConditionallySelectable::conditional_swap`, and...
See: https://github.com/dalek-cryptography/curve25519-dalek/pull/677#discussion_r1695474151
While implementing NTRU, I noticed I needed a [constant time sorting algorithm](https://github.com/RustCrypto/KEMs/pull/35/commits/87c7c02a3ecd9b6afee9a51836bcca0a99c2c5ea#diff-ccdf7edb0ee2c9ed7a0ea36681a9ef13dbbab3605a8e396f59203a1e6e01fca7) and [constant time division](ntru/src/const_time/num.rs). Would it make sense to move the implementation to subtle instead to make them...
In `crypto-bigint` we've had to build an entirely parallel set of types in order to support `const fn`: [`ConstChoice`](https://docs.rs/crypto-bigint/0.6.0-rc.0/crypto_bigint/struct.ConstChoice.html) and [`ConstCtOption`](https://docs.rs/crypto-bigint/0.6.0-rc.0/crypto_bigint/struct.ConstCtOption.html), which are `const fn`-friendly versions of `subtle`'s equivalent `Choice`...
As noted in #93, it would be useful to have functionality combining a `CtOption` and `CtOption` into a `CtOption`. This PR implements such functionality and adds corresponding tests. Closes #93.
It's a (fairly?) common design pattern to have certain types use `ConstantTimeEq` to implement `Eq` (via `PartialEq`) for improved safety. For example, [`curve25519-dalek`](https://github.com/dalek-cryptography/curve25519-dalek) does this for its [`Scalar`](https://github.com/dalek-cryptography/curve25519-dalek/blob/5b7082bbc8e0b2106ab0d956064f61fa0f393cdc/curve25519-dalek/src/scalar.rs#L294-L298) and [`RistrettoPoint`](https://github.com/dalek-cryptography/curve25519-dalek/blob/5b7082bbc8e0b2106ab0d956064f61fa0f393cdc/curve25519-dalek/src/ristretto.rs#L822-L826)...
This removes a comment from `Cargo.toml` on the `core_hint_black_box` feature. Since #123 partially undid #107, the `core_hint_black_box` feature is still used. FWIW, #107 also removed some documentation about the feature,...