Jeff Burdges
It's [unethical](https://twitter.com/jeffburdges/status/1382959262343696384) to post government identifiers like a person's EID public key onto a public blockchain, so you'll need a zkSNARK circuit that proves roughly the NP statement ``` {...
If I read the [protocol](https://eprint.iacr.org/2021/005.pdf) correctly, one signer could sign numerous messages simultaneously, like in BLS, using the same alpha and beta, and the same point not involving the hash...
There are numerous applications that require direct access to poly1305 and chacha20, like key derivation functions and anything meant to provide anonymity as opposed to just encryption. Anonymity tools need...
Just fyi the [consistenttime](https://github.com/valarauca/consistenttime) crate looks a bit more developed and saw at least some auditing https://github.com/valarauca/consistenttime/issues/5#issuecomment-272042450
AVX2
YMP [claims](http://www.numberworld.org/ymp/v1.0/benchmarks.html) an impressive 2-3x speedup over GMP by using AVX2. Any opinions on: If what YMP does is sensible. What AVX2 support might look like? What internal algorithms it'd...
These are wrappers for combinations of `slice::split_at` or `slice::split_at_mut` with `array_ref` and `array_mut_ref` respectively, that simplify handling a variety of references into a slice. In essence, they use a call...
Blake2x
It's maybe worth adding support for blake2x eventually: https://blake2.net/blake2x.pdf I've no idea if anyone actually uses blake2x for anything or how its performance compares with the shake XOFs or blake2s/b...
Just fyi, we're sorting out `#[no_std]` without `alloc` in https://github.com/RustCrypto/traits/pull/40 and https://github.com/SymbolicSoft/noiseexplorer/pull/34 I'm unsure if rustls maybe requires `std` for networking anyways, but anything we work out might prove handy...
We only use wasmtime here, not wasmi. We never escalate and slash unless some approval checker times out (or reports invalid). Also, you never get slashed unless you're alpha slower...
HDKD
IEEE published a flawed HDKD design called [BIP32-Ed25519](https://ieeexplore.ieee.org/abstract/document/7966967?section=abstract). I explained a secret key recovery attack based on this flaw in https://forum.web3.foundation/t/key-recovery-attack-on-bip32-ed25519/44 but that zombie lives. In the interest of killing...