Kirk Baird
Thought I'd open the issue to get the current status of subgroup checks for signatures and public keys in the rust bindings and hopefully reach a conclusion. A quick summary...
# Question

As said in the title, why is `(0, 2)` mapped to the point at infinity? ``` /* * Even though (0,2) is formally a point on E1 curve...
### What is wrong?

Currently we use a 'constant' time hash to curve function. It is possible to significantly increase speeds by removing the constant time requirements.

### How can...
* py-ecc Version: 1.7.1

### What is wrong?

Currently verification of a signature does not check that the signature is in the correct subgroup. This poses a security risk when...
Minor change to the README.md to reflect that AMCL has changed where the repo sits.
# What is the issue

All secrets need to be zeroed before the memory is freed. This includes `SecretKey` generation and signing and any subroutines used by these. Similarly for...
# What is the issue

There are currently no tests for SHA2-384 (`HASH384`).

# What needs to be done

Tests need to be written; unfortunately SHA2-384 does not have test...
# What has been done

- Renamed files to remove `:` such that they are Windows friendly.
- Updated tests accordingly
# What is the issue

Subgroup checks are currently being performed using the GLV method for G1 and the GS method for G2. This may perform incorrect scalar multiplications for points not...
# What is the issue?

Hash to curve is currently not constant time.

# What needs to be done?

Update:
- SSWU to be straight line.
- Make `sgn0()` constant...