Tony Arcieri

Results: 217 issues by Tony Arcieri

An interesting optimization for `no_std` platforms would be to support in-place decoders/encoders. The entire crate is already written to operate over byte slices as inputs/outputs, which should make much of...

In RustCrypto/AEADs#295, the `ChaChaBox` construction was changed to the following (prior versions did not apply HChaCha20):

```
shared_key = hchacha20(x25519(alice_sk, bob_pk), [0u8; 16])
```

In theory, this should be compatible...

This is a tracking issue for KDF algorithms we should potentially implement. Please leave a comment with your requests!

This is a ticket for tracking desired new features for `crypto-bigint` and which algorithms should be used in order to implement particular features. Unless otherwise stated, these features are implied...

From https://github.com/RustCrypto/crypto-bigint/issues/577#issuecomment-2016550215:

> HACL* extracted as pure safe Rust (dubbed "HACL-rs") lives here: https://github.com/hacl-star/hacl-star/tree/afromher_rs/dist/rs
>
> In there, you'll find bignums in src/hacl:
>
> - bignum.rs, bignum64.rs: variable-length, 32...

Though we should definitely maintain a baseline profile which is pure Rust, it would be nice to be able to leverage optimized assembly implementations, and ideally formally verified ones which...

There are two different conventions for widening operations used in this crate:

- `widening_*` as used by [`WideningMul::widening_mul`](https://docs.rs/crypto-bigint/0.6.0-pre.7/crypto_bigint/trait.WideningMul.html#tymethod.widening_mul) and inherent methods
- `*_wide` as used by [`square_wide`, `rem_wide`, `overflowing_shl_*wide`](https://docs.rs/crypto-bigint/0.6.0-pre.7/crypto_bigint/?search=_wide)

Notably...

Arithmetic with `BoxedUint` needs to deal with values whose number of limbs doesn't match. This is true of `Uint` as well, but there everything is nicely type safe. So far...

Bernstein-Yang as described in the original paper uses 62-bit limbs and is optimized for 64-bit targets: https://eprint.iacr.org/2019/266

Section 12.3 of the paper suggests it can be better optimized for 32-bit...

As of #44, `polyval` will compile to VPCLMULQDQ instructions on new enough CPU architectures. We might be able to use a trick similar to https://github.com/RustCrypto/password-hashes/pull/440 where we detect the relevant...