Tony Arcieri
cc @fjarri If this is true, it seems like a bug in `once_cell`
Oh, this is for an emscripten backend. Isn't that deprecated in favor of WASM? The `precomputed-tables` feature no longer uses `once_cell` (at least with `std` available) as of #1135, perhaps...
@briansmith to my knowledge libsodium's XChaCha20 is IETF only
I don't think anyone has an audit planned for `p256` specifically, but there's an audit underway for `k256` and some of its dependencies
`p256` was audited recently. The README.md should probably be updated to reflect it: https://reports.zksecurity.xyz/reports/near-p256/
It's worth experimenting with, though it would be good to see the performance improvements reflected in benchmarks
Are you asking about `k256` specifically? It's unclear which `fn random` that's supposed to be, but that appears to be the only one that matches that code at first glance....
Yes, we could do rejection sampling
> But if the remaining bits, once shifted left by one, don't form a valid scalar, what do you do? One option would be to have a `checked_shl` that returns...
Would be good to get a trait for that into `crypto-bigint`