Adds decaf group

Open armfazh opened this issue 4 years ago • 7 comments

Includes a package for the decaf group.

Decaf is specified in https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-03, and this implementation is fully compatible with the draft. Test vectors for group operations and hashing to group are passing.

Decaf (circl/group) is a safe group abstraction on top of the Goldilocks (edwards448) curve (circl/ecc/goldilocks).

Ed448 also uses the Goldilocks curve but only requires specific operations.

Internally, the Goldilocks curve is implemented with ted448, a twist of the curve, since it provides faster point arithmetic.

armfazh avatar May 15 '20 01:05 armfazh

I'll check this tomorrow @armfazh

claucece avatar May 16 '20 05:05 claucece

Nice! Have you run it against the vectors of: https://sourceforge.net/p/ed448goldilocks/code/ci/master/tree/test/ ?

claucece avatar May 18 '20 05:05 claucece

@bwesterb Addressed requested changes.

armfazh avatar Aug 26 '20 00:08 armfazh

We should add here the draft-ristretto-decaf test vectors, which is pretty easy as they are the multiplicatives of the generator. We can also add here the one-way-map of the draft. I also did a small implementation here of it: https://github.com/claucece/sage-ristretto255-decaf448 in sage.

claucece avatar Nov 05 '20 21:11 claucece

@armfazh what's the plan for this PR?

chris-wood avatar Feb 01 '22 23:02 chris-wood

what's the plan for this PR?

Just pushed changes that update this PR. Please review: @chris-wood @bwesterb @claucece

armfazh avatar Mar 11 '22 04:03 armfazh

what's the plan for this PR?

It's been a while back, but I believe I haven't gone through all the maths in detail. If you want a detailed review, then I'll need to dedicate a day or two to it. Is there a deadline?

bwesterb avatar Mar 16 '22 11:03 bwesterb