ebfull
Right now the batch trial decryption code in the `zcash_note_encryption` crate calls `D::ka_agree_dec` with each individual `ivk` and `epk`. Internally, `group::Wnaf` is used to compute `[ivk] epk` slightly more efficiently...
The Tonelli-Shanks Algorithm used in Fp/Fp2 is currently unbounded, so an attack vector exists if someone provides you with a compressed curve point, and you attempt to decompress it, and...
(bn128 again) If you attempt `e(P, Q)` where `P` or `Q` are points at infinity, an internal assumption (during the Miller loop if I remember correctly) that the points are...
Recent research (https://ellipticnews.wordpress.com/2016/05/02/kim-barbulescu-variant-of-the-number-field-sieve-to-compute-discrete-logarithms-in-finite-fields/) suggests that a 448-bit field size may be necessary to achieve sufficient security. In any case, it may be necessary to change BN128, and echoing #27 make...
For us, ALT_BN128 r1cs proofs are 304 bytes in size, with point compression and binary serialization enabled.
From what I remember, these formats are different, which is a roadblock for using both at the same time in different contexts.
For example:
```c++
alt_bn128_G1 alt_bn128_G1::operator-() const
{
    return alt_bn128_G1(this->X, -(this->Y), this->Z);
}
```
`-G1::zero()` thus has an invalid Jacobian representation. I doubt any code outside of this will be reading...
This is a very early WIP attempt at recreating `zcashd`'s `CScript` interpreter and other logic needed to verify transparent scripts in an attempt to destroy [this directory](https://github.com/zcash/zcash/tree/master/src/script) and help out...
```
- You have mined 21 blocks! Orphaned: 3 blocks, Immature: 56.25 TAZ, Mature: 0.00 TAZ
```
56.25 * 0.8 = 45 which is what I actually have earned (2.5...
As of #111, we're putting scalars into the transcript at the end of the interaction even though challenges aren't needed afterward; this is because the proof itself has scalars at...