Tony Arcieri

icon indicating a website link https://tonyarcieri.com icon indicating an email [email protected]

icon company @iqlusioninc icon location Denver, CO icon location Co-founder @iqlusioninc, formerly @square. Cryptography and infrastructure engineer.

Results 268 issues of Tony Arcieri

jose-jwk: add `JwkParameters` impls

The impls of the `JwkParameters` trait currently live in https://github.com/RustCrypto/elliptic-curves and look like the following: ```rust impl elliptic_curve::JwkParameters for NistP256 { const CRV: &'static str = "P-256"; } ``` These...

der: make `Length` a newtype of `usize`

4 comment

`Length` is currently a newtype of `u32`. This is because the `Decode` and `Encode` impls are specialized to 32-bit integers: - decode: https://github.com/RustCrypto/formats/blob/bd84063/der/src/length.rs#L272-L273 - encode: https://github.com/RustCrypto/formats/blob/bd84063/der/src/length.rs#L309-L315 If the implementation could...

crypto_secretstream: use `crypto_secretbox`

Currently `crypto_secretstream` implements libsodium-flavored XChaCha20Poly1305 internally. Instead it could use `crypto_secretbox`

Vartime methods should return `Option` instead of `CtOption`

2 comment

We have several methods that are advertised as variable-time which are returning `CtOption` instead of `Option`. This is a bit suboptimal: `CtOption` eagerly evaluates its combinators, whereas `Option` uses lazy...

Use stabilized `core` bigint helper methods

Rust 1.91 is out and stabilized the first round of these: https://blog.rust-lang.org/2025/10/30/Rust-1.91.0/ - [u{N}::carrying_add](https://doc.rust-lang.org/stable/std/primitive.u64.html#method.carrying_add) - [u{N}::borrowing_sub](https://doc.rust-lang.org/stable/std/primitive.u64.html#method.borrowing_sub) - [u{N}::carrying_mul](https://doc.rust-lang.org/stable/std/primitive.u64.html#method.carrying_mul) - [u{N}::carrying_mul_add](https://doc.rust-lang.org/stable/std/primitive.u64.html#method.carrying_mul_add) Note they're not yet usable in `const fn`, so maybe...

Possible inlining improvements

2 comment

I ran `RUSTFLAGS=-Ccodegen-units=1 cargo bench` to see what changed versus just `cargo bench`. There were a few that stuck out in particular: - [ ] wrapping ops/widening_mul - `I512xI512`: -25%...

Uint: `const fn` comparisons are `pub(crate)`

3 comment

I was recently trying to add some `const fn` friendly checks that a field element doesn't overflow the modulus, and while `Uint::lt` would do what I want, it's currently `pub(crate)`,...

PQ/T Hybrid Key Exchange

OpenSSH 10.0 introduced support for a hybrid key exchange combining ML-KEM and X25519 called `mlkem768x25519-sha256`: https://datatracker.ietf.org/doc/draft-ietf-sshm-mlkem-hybrid-kex/ It would be good to add a crate with support for this key exchange...