
A pure-Rust implementation of group operations on Ristretto and Curve25519

Results 93 curve25519-dalek issues

I would recommend merging (no squash, to keep the history intact) from `release/4.0` into `main` and keeping `main` as the development branch for the next release, whatever it...

Reviving this thread as a separate feasibility discussion around at least: **Question 1:** Should we do performance selection via features? This would include perhaps providing features to maybe enable...

I'm currently trying to use the ristretto Scalar type with nalgebra, but cannot do matrix multiplications, because nalgebra requires the type to implement `One` and `Zero` for that. Since we...

The popular [`dependency-review-action`](https://github.com/actions/dependency-review-action) requires the license field be in valid SPDX format. (We are hitting false positives on this dependency via `dependency-review-action` over at [Teleport](https://github.com/gravitational/teleport)).

Currently the torsion check (`is_torsion_free`) is implemented using a variable-base, constant-time multiplication. However, the group order is public, so there is no need for side-channel countermeasures regarding...

There was a big warning in `VerifyingKey::from_bytes` that said the user is responsible for ensuring that the provided bytes represent a verifying key. I think this was confusing, since the...

It may be useful to support multiscalar multiplication evaluation using partial precomputation, where a larger set of precomputation tables is generated than is needed for an evaluation. This PR adds...

It is the case that performing variable-time Ristretto multiscalar multiplication evaluation using [`VartimeRistrettoPrecomputation`](https://docs.rs/curve25519-dalek/latest/curve25519_dalek/ristretto/struct.VartimeRistrettoPrecomputation.html) may be less efficient than the corresponding [`VartimeMultiscalarMul`](https://docs.rs/curve25519-dalek/latest/curve25519_dalek/traits/trait.VartimeMultiscalarMul.html) implementation, depending on the number of points used. This...

Alternative to #659/#661 and #662 which leverages `subtle::Choice` and `subtle::ConditionallySelectable` as the optimization barriers. Really the previous masking was there to conditionally add the scalar field modulus on underflow, so...

In our project, we need to verify Ed25519 signatures according to the criteria outlined in [ZIP215](https://zips.z.cash/zip-0215). The current implementation uses different verification criteria. For example:
* both `verify` and `verify_strict`...