Tony Arcieri issues

Results 268 issues of


                                            Tony Arcieri

[WIP] curve: enable the `unreachable_pub` lint

In #850 I noticed there are a lot of places that internal types are currently marked `pub` which is a bit confusing when trying to reason about whether APIs allow...

[WIP] ed25519: add `verify_consensus` implementing ZIP-215

Adds a new verification method implementing the [ZIP-215] verification criteria for Ed25519 signatures. TODO: test vectors [ZIP-215]: https://zips.z.cash/zip-0215

Extended Montgomery coordinates

This paper describes complete formulas for Montgomery curves which are as efficient as the ones for Edwards curves: https://tches.iacr.org/index.php/TCHES/article/view/11808/11313 > In this paper, we introduce extended Montgomery coordinates as a...

Replace repeated integer literals with constants

I think it would be good to add some more constants in places where integer literals are frequently repeated, and ideally establish a naming pattern that can be reused across...

Why do you use a fork of `curve25519-dalek`?

We get a pretty steady stream of accidental PRs from people's forks of `curve25519-dalek`. That makes me wonder if there are things we could put in a `hazmat` API which...

curve: add `X25519_LOW_ORDER_POINTS` constant

Adds a table of low order points, adapted from https://cr.yp.to/ecdh.html, which suggests that non-Diffie-Hellman protocols that depend on "contributory" behavior should reject them. They're also useful for testing, e.g. how...

Question about `word-by-word-montgomery` 32-bit vs 64-bit representations

This is something I've noticed when synthesizing a `word-by-word-montgomery` implementation of the P-521 scalar field, which I did as follows: ```console fiat-crypto word-by-word-montgomery --lang Rust --inline p521_scalar 64 0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409 ```...

Tony Arcieri