Armando Faz
The latest draft for hash-to-curve considers a simpler implementation of the SSWU method.
Includes a package for the decaf group. Decaf is specified in https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-03; this implementation is fully compatible with the draft. Test vectors for group operations and hashing to group are passing. Decaf...
In https://eprint.iacr.org/2020/454.pdf, Pornin describes a method for accelerating the calculation of EdDSA signatures using lattice reduction. It would be a good improvement to implement this verification method for Ed25519 and Ed448 signatures.
Verify this feature is implemented: https://cfrg.github.io/draft-irtf-cfrg-hpke/draft-irtf-cfrg-hpke.html#name-bidirectional-encryption
Provided we fix the constant-time issue soon enough. _Originally posted by @bwesterb in https://github.com/cloudflare/circl/pull/277#pullrequestreview-759586309_
Updates the multiplication method described in: https://github.com/microsoft/PQCrypto-SIDH/blob/v3.4/src/P434/AMD64/fp_x64_asm.S#L258
Updates the reduction method described in: https://github.com/microsoft/PQCrypto-SIDH/blob/v3.4/src/P434/AMD64/fp_x64_asm.S#L721-L727
The intended code was `int16(mathRand.Intn(18*int(Q)) - mathRand.Intn(9*int(Q)))`. _Originally posted by @bwesterb in https://github.com/cloudflare/circl/pull/237#discussion_r664924377_
The [kem interface](https://github.com/cloudflare/circl/blob/master/kem/kem.go#L32) requires deterministic encapsulation; is there a use case for this functionality? cc: @chris-wood @bwesterb
The package `circl/ecc/p384` contains optimized code for AMD64 and ARM64, but lacks a generic implementation using the `math/bits` package.