Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Join forces? #1

Open
tarcieri opened this issue Mar 3, 2020 · 3 comments
Open

Join forces? #1

tarcieri opened this issue Mar 3, 2020 · 3 comments

Comments

@tarcieri
Copy link

tarcieri commented Mar 3, 2020

Hello! I saw this crate and wanted to note there are a few other overlapping efforts here:

See the RustCrypto elliptic-curve crate and curve-specific crates implemented with it:

As an example of a curve implemented with it, there's the p256 crate:

These are used by the ecdsa crate:

Note there's also the algebra crate which provides Field and Group traits:

Anyway, I think it'd be good to collaborate on one solid set of crates for this particular problem, and open to discussing how!
@armfazh
Copy link
Owner

armfazh commented Mar 3, 2020

Definitely, this is something worth to do it.
I would like to know more about the guidelines of the project.
Whether it will include full-optimized code, arch-agnostic vs arch-dependent, pure rust vs FFI, assembler allowed?

Also, I think traits must be more granular.
Example: In the P256 crate, P-256 is a curve, there should not be keys on it. However, ECDH/ECDSA are algorithms that have keys.

This is a small example, of course, but I think Rust allows a fine-grained design that we can leverage to have good API's.

@tarcieri
Copy link
Author

tarcieri commented Mar 4, 2020
edited
Loading

Whether it will include full-optimized code, arch-agnostic vs arch-dependent, pure rust vs FFI, assembler allowed?

The other crates in https://github.com/RustCrypto all provide a pure Rust portable implementation (written in a constant time-ish manner, assuming the underlying architecture has a constant time arithmetic instruction among a handful of other assumption), and then layer on top of that architecture-specific optimizations. We've used a handful of FFI-based linking to assembly in the past, but have largely stopped doing that going forward to instead use things like core::arch and packed_simd.

Example: In the P256 crate, P-256 is a curve, there should not be keys on it. However, ECDH/ECDSA are algorithms that have keys.

Beyond ECDSA, the notion of "keys" are also useful for things like D-H and ECIES, but also note that "keys" in that crate provide additional functionality over the values they wrap.

elliptic_curve::weierstrass::PublicKey acts as an abstraction over various possible Weierstrass curve point serializations which may be encountered "on the wire", including the compressed and uncompressed forms (for Weierstrass curves, these are the SEC1 "Elliptic-Curve-Point-to-Octet-String" serializations), at at least in the case of the p256 crate the ability to convert between them (i.e. compress/decompress points). They also provide a place to add things like PKCS#8 encoders/decoders.

For scalars, the elliptic_curve::SecretKey type also handles zeroization-on-drop and accidental disclosure of the secret scalar value.

@tarcieri
Copy link
Author

tarcieri commented May 24, 2020
edited
Loading

Just wanted to note we have full scalar, field, and curve arithmetic support in both the p256 and k256 crates including point compression/decompression, the group operation (i.e. addition), as well as scalar multiplication, implemented in terms of the complete Weierstrass formulas.

I am looking at adding support for computing ECDSA generically over any Weierstrass curve.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tarcieri @armfazh