Giter Site home page Giter Site logo

Comments (6)

Silur avatar Silur commented on July 17, 2024 1

Yet, you're using their implementation of Curve25519. 👍

Your accusation is correct, this is why I added ristretto support in 2121264 :)
Note that this is a breaking API change and you need to additionally select the submodule you want to use from now.
Thanks for the contribution!

from ecvrf.

Silur avatar Silur commented on July 17, 2024

I am not tied to the cofactor-8 setting in any way, maybe a future version can have feature flags for different groups. The initial reason to use this library from dalek-crypto is that it has undergone more review than the ristretto one, the usual cryptographer's excuse :D

from ecvrf.

WildCryptoFox avatar WildCryptoFox commented on July 17, 2024

Perhaps more review for vanilla curve25519 than the 4 additional abstractions built on top of it, known as ristretto255. But the prime order group is more suitable for many more protocols without you having to worry about obscure details. For one, curve25519 is malleable. Ristretto255 is not.

from ecvrf.

Silur avatar Silur commented on July 17, 2024

"curve25519 is malleable" is an overreacted and misleading statement by the ristretto community. curve25519 implementors played the good old game of "I know how to crypto, let's make this a little faster" and now we are in the cofactor pitfall :)
This doesn't mean that you can use a proper non-vulnerable version in the industry out there because every implementor adopted this stupid idea.

  • As a package maintainer I said that I support the idea to use feature flags and support ristretto too, and will be done in future versions
  • As a cryptologist I say that curve25519 is not malleable, this is just the result of people doing cryptography who should not

from ecvrf.

WildCryptoFox avatar WildCryptoFox commented on July 17, 2024

Feature flags are good, sure. Can you elaborate on how curve25519 is not malleable? I thought the cofactor was part of the spec.

[..] this is just the result of people doing cryptography who should not

Yet, you're using their implementation of Curve25519 👍

from ecvrf.

WildCryptoFox avatar WildCryptoFox commented on July 17, 2024

For what it is worth. I'll be using Schnorrkel for my VRF-needs at least because it uses Merlin transcripts and if I find the need: ECQV (implicit certificates), HDKD (derived subkeys), normal Schnorr signatures, and MuSig.

You're welcome. Good luck!

from ecvrf.

Related Issues (1)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.