
Ristretto support

Open: tucnak opened this issue 5 years ago • 1 comment

Hello,

As usual, many thanks for the most fantastic crypto construction Go library out there!

Are there any plans for Ristretto support? The group is ristretto255, which is built on top of Curve25519, so I assume it shouldn't be too hard to implement in the current framework. Apparently, there are arguments in favour of using ristretto255, as opposed to ed25519, but I don't strictly understand what the benefits are. Am I right to assume that ristretto255 only uses 1/8 of the points, thus somehow eliminating the risk of malleability?

Cheers, Ian

tucnak, May 19 '20 14:05

Hi Ian,

From what I know, there are currently no plans to do this. But if you want to give it a shot, I'm sure it would be accepted as a PR ;)

The *25519 groups in this library by default also only use 1/8 of the available points (and scalars), which is parametrizable using the subgroup parameter: https://github.com/dedis/kyber/blob/cf1d7f3a955c4dff40bf5b1b27576ea9713569a8/group/curve25519/suite.go#L59

ineiti, May 20 '20 16:05