Aaron Feickert

Results: 39 issues by Aaron Feickert

The hash-to-group function `GroupElement::generate` performs a conditional negation that restricts the output range unnecessarily: https://github.com/firoorg/firo/blob/master/src/secp256k1/src/cpp/GroupElement.cpp#L383-L385

This function appears only to be used for generating public parameters, but should be documented...

The `depends` build documentation claims that setting `NO_WALLET=1` will pass the `--disable-wallet` flag to the `configure` script. However, this appears to have no effect.

The analyzer warns about `#[inline]` on function prototypes. While it seems useful to keep the attribute around as a helpful reminder in relevant traits, this PR silences the warnings.

The current implementation of `ConstantTimeEquality` for arrays and slices will short-circuit if the lengths are different. This PR does a constant-time length check before the componentwise check, and then uses...

This PR is an initial draft of a design for spend transaction claims. A claim is a proof against an existing spend transaction that asserts the prover knew the spend...

Currently, it's not possible for the sender of a Spark transaction to recover certain transaction information unless it caches coin nonces locally. This information includes recipient addresses and memos. It's...

The application PIN is [encrypted](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L32-L36) when set, and is [decrypted](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L38-L42) to authenticate. This has a few issues:

- The underlying [encryption](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L5-L12) and [decryption](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L14-L21) use a fixed zero nonce. This is...

Work in Progress

Wallet passwords are stored [encrypted](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L44-L49), and are [decrypted](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L51-L56) when needed. Similarly to #1169, this has a few issues:

- The underlying [encryption](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L5-L12) and [decryption](https://github.com/cake-tech/cake_wallet/blob/a164e5defcd311ed0d13b989b24ffacfea75d60a/lib/entities/encrypt.dart#L14-L21) use a fixed zero nonce. Because...

Work in Progress

The repository does not have a security policy to inform researchers and developers about how the project wishes to receive information about security vulnerabilities. Fortunately, GitHub supports a [standard way](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository)...

Currently, using precomputation for variable-time multiscalar multiplication requires the number of precomputed points and static scalars to be the same; otherwise, the relevant functions will panic. This limits some use...