Coda Hale

> Having recently seen this issue: [dalek-cryptography/curve25519-dalek#389](https://github.com/dalek-cryptography/curve25519-dalek/issues/389) > > ...I'm curious if perhaps we should just have a cargo feature that exposes the `FieldElement` API. It can remain hidden from...

I agree that this is definitely hazmat and I’d be happy to modify this to check that the point is indeed on the curve, but I should note that this...

I just pushed a change to check the coordinates for validity. Conditionally exposing this functionality requires extracting it as a trait, so it’s a little more verbose.

This looks great, but the admittedly very touchy tests don’t pass. Feel free to round the stddev and I’ll gladly merge this. Thanks for the patch!

Believe me, I understand that, but the module as it exists uses literally none of the cryptographic primitives for providing authentication. You're hoping that CBC mode's confidentiality guarantees are sufficient,...

(Disregard my previous comment, if you got it via email.) No, this isn't supported. I'd accept a patch to add support for it.

Indeed, I can! https://github.com/codahale/elligator-squared Mashing field elements into and from bytes isn’t delightful, but it’s functional for now. Thanks for the update!

This is not an accumulator in the cryptographic sense, no, nor is it possible to build one using elliptic curves without a pairing function and Curve25519 is not pairing-friendly. Your...

I understand. I still strongly recommend TLS, even instead of AES-256-GCM. It is very hard to design and implement a secure cryptosystem, and TLS already fits your use case.

Patches accepted.