David Wong

Results 393 comments of David Wong

Are you talking about the nonces of [the symmetric library](https://github.com/mimoo/disco/blob/master/libdisco/symmetric.go#L131)? In this case I don't think it is necessary to cover this via the test vectors since we already cover...

hey! Thanks for reporting this @tankf33der, do you want to submit a PR to fix it :o ?

**How to implement Disco?**

1. Implement or find an implementation of [Strobe](https://strobe.sourceforge.io/). (The reference code is in C and Python.)
1. Read the "How to Read This Document and Implement...

yeah! That's awesome :) I'll take a look at it when I get some time.

Looks like there is [a swift version](https://github.com/nixberg/GDisco)

there's Xisco which doesn't use Strobe but xoodyak! https://github.com/nixberg/Xisco

And a rust implementation: https://github.com/rust-p2p/disco

After some discussions with various people, it seems like there are two things that make Disco not so great:

* for embedded devices, the 1600-bit state is too big. keccak-f[400]...

Hey @cbluth! And thanks for the issue. In golang the curve25519 clamping is done during the scalar multiplication: https://github.com/golang/crypto/blob/70a84ac30bf957c7df57edd1935d2081871515e1/curve25519/curve25519_generic.go#L783 which might indeed contrast with how other implementations do it....

btw I see that [libsodium also doesn't do the clamping during generation](https://github.com/jedisct1/libsodium/blob/927dfe8e2eaa86160d3ba12a7e3258fbc322909c/src/libsodium/crypto_kx/crypto_kx.c#L29). @jedisct1 is there a reason and should we not do it for disco too?