Tony Arcieri
Tony Arcieri
We're about to put out another breaking set of crate releases which will upgrade `rand_core` (to, in fact, a version that hasn't been released yet) and the state of `OsRng`...
We've delayed the releases so we can ship with `rand_core` v0.10. You can follow along with upstream progress here: https://github.com/RustCrypto/traits/issues/1571 Note that there will be no `OsRng` in the next...
@rozbb `precomputed-tables` likely still offers a speedup for fixed-based Montgomery scalar multiplication, since that uses the Edwards basepoint tables
@rozbb I don't see a benchmark for fixed-base scalar multiplication e.g. `From
@rozbb possibly feature unification? Try running `cargo hack build`
I will need to read the paper, but I was a little confused by this: > It implements a new verification API verify_heea which mimiks the exact behaviour of verify_strict...
@zz-sol I guess the other question then is why not apply it to the RFC8032 verification as well, but only to `verify_strict`?
One thing that might help is splitting up the PR into one that just adds `vartime_triple_scalar_mul_basepoint` without anything else, which would make it easier to review
@zz-sol how about putting the constants in one commit and the core functions in another commit in the same PR to make it easier to review just the latter, and...
FWIW I've partially built a `subtle`-like library that directly embraces `const fn` and always uses `black_box` in a belt-and-suspenders capacity where there is at least one additional mitigation to rely...