Thomas Pornin

3 issues by Thomas Pornin

The function `EdwardsPoint::hash_from_bytes()` is described as "performing hashing to the group" and explicitly references draft-irtf-cfrg-hash-to-curve: https://github.com/dalek-cryptography/curve25519-dalek/blob/8abb22bcafe30ac2dbad372d0444fdba9e63bc0e/src/edwards.rs#L529-L532

This is a rather misleading description because:

- This function does _not_ implement the...

`RistrettoPoint::double_and_compress_batch()` may fail if one of the input points is the Ristretto identity. The function computes, for each input point, the values `e`, `f`, `g`, and `h` (in a `BatchCompressState`...

This makes `FieldElement::batch_invert()` able to process inputs of value zero (the "inverse" of zero is formally defined to be zero; this is usually the most useful value to return in...
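The third issue above concerns a batch inversion that must tolerate zero inputs, and the second concerns a batched point computation that breaks on the identity point. The example below is an added illustration and is not code from curve25519-dalek: it implements Montgomery's batch-inversion trick (one field inversion for a whole batch) over a toy prime field modulo the Mersenne prime 2^61 - 1 rather than the library's `FieldElement` over 2^255 - 19, and the function names `batch_invert_naive` and `batch_invert` are illustrative. The naive version shows the failure mode: a single zero makes the running product zero, so every returned "inverse" in the batch is silently wrong. The zero-tolerant version leaves zeros out of the running product and returns zero for them, the convention the issue describes.

```rust
// Toy prime field GF(p) with p = 2^61 - 1 (assumption for this example; the
// dalek library works over 2^255 - 19, but Montgomery's trick is field-agnostic).
const P: u64 = (1u64 << 61) - 1;

/// Modular multiplication; operands are below 2^61, so the product fits in u128.
fn mul(a: u64, b: u64) -> u64 {
    ((a as u128 * b as u128) % (P as u128)) as u64
}

/// Square-and-multiply exponentiation in GF(p).
fn pow(mut base: u64, mut e: u64) -> u64 {
    let mut r = 1u64;
    while e > 0 {
        if e & 1 == 1 {
            r = mul(r, base);
        }
        base = mul(base, base);
        e >>= 1;
    }
    r
}

/// Fermat inversion a^(p-2). For a == 0 this returns 0 with no error, which is
/// exactly why a zero sneaking into a batch product goes unnoticed.
fn inv_fermat(a: u64) -> u64 {
    pow(a, P - 2)
}

/// Montgomery's trick with no zero handling (the failure mode).
/// If any input is zero, the accumulated product is zero, its "inverse" is zero,
/// and every element of the result is zero, including the inverses of the
/// perfectly invertible inputs.
fn batch_invert_naive(xs: &[u64]) -> Vec<u64> {
    let mut prefix = Vec::with_capacity(xs.len()); // prefix[i] = x_0 * ... * x_{i-1}
    let mut acc = 1u64;
    for &x in xs {
        prefix.push(acc);
        acc = mul(acc, x);
    }
    let mut acc_inv = inv_fermat(acc); // the single inversion of the batch
    let mut out = vec![0u64; xs.len()];
    for i in (0..xs.len()).rev() {
        out[i] = mul(acc_inv, prefix[i]); // 1/(x_0..x_i) * (x_0..x_{i-1}) = 1/x_i
        acc_inv = mul(acc_inv, xs[i]);    // now 1/(x_0..x_{i-1})
    }
    out
}

/// Zero-tolerant batch inversion: zeros are skipped in the running product and
/// map to zero in the output ("inverse" of zero defined to be zero), so the
/// remaining inputs are still inverted correctly with one field inversion.
fn batch_invert(xs: &[u64]) -> Vec<u64> {
    let mut prefix = Vec::with_capacity(xs.len()); // product of the nonzero x_j, j < i
    let mut acc = 1u64;
    for &x in xs {
        prefix.push(acc);
        if x != 0 {
            acc = mul(acc, x);
        }
    }
    let mut acc_inv = inv_fermat(acc); // acc is nonzero, so this is a real inverse
    let mut out = vec![0u64; xs.len()];
    for i in (0..xs.len()).rev() {
        if xs[i] == 0 {
            continue; // out[i] stays 0; acc_inv is unchanged since x_i was skipped
        }
        out[i] = mul(acc_inv, prefix[i]);
        acc_inv = mul(acc_inv, xs[i]);
    }
    out
}

fn main() {
    let xs = [2u64, 0, 3, P - 1];
    println!("naive:         {:?}", batch_invert_naive(&xs));
    println!("zero-tolerant: {:?}", batch_invert(&xs));
}
```

Running `main` shows the naive variant returning all zeros for the batch `[2, 0, 3, p-1]`, while the zero-tolerant variant returns `2^60` for 2 (since 2 * 2^60 = p + 1), the correct inverse of 3, and p-1 for p-1, with 0 in the zero slot. The cost of the fix is one comparison per input; the batch still performs exactly one field inversion.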