opaque-ke icon indicating copy to clipboard operation
opaque-ke copied to clipboard
verified publisher icon facebook

Use `Public/SecretKey` for the `elliptic-curve` implementation

Open daxpedda opened this issue 3 years ago • 2 comments

Currently we are using ProjectivePoint and Scalar directly instead of PublicKey and SecretKey respectively.

The reason was that curve25519_dalek::Scalar supports Zeroize but not ZeroizeOnDrop. But elliptic_curve::SecretKey supports ZeroizeOnDrop but not Zeroize. (this was one of the main reasons I worked on introducing ZeroizeOnDrop in the first place)

The best solution here would be to introduce a SecretKey for Ristretto255, which currently doesn't exist, we could introduce this type ourselves in opaque-ke though.

Not sure what to do about elliptic_curve::PublicKey, as it implements neither. Is not zeroing out the public key acceptable?

This is analogous to https://github.com/novifinancial/voprf/issues/57 and is mainly for code improvement and cleaner deserialization, it doesn't actually change anything.

daxpedda avatar Dec 16 '22 16:12 daxpedda

Hmm, I see. Yes, not zeroing out the public key should be fine in this case.

kevinlewi avatar Dec 18 '22 02:12 kevinlewi