Add `legacy` feature with `AffineCoordinates` trait #65
Protocols like ECDSA need access to affine coordinates: the x-coordinate for ECDSA itself, but also the y-coordinate for things like recovering public keys from ECDSA signatures (as seen in Ethereum).

This commit adds support for accessing affine coordinates for use in these protocols, taking into account some feedback from the previous attempt to do this (#50):

- Trait is placed inside a `legacy` module with comments strongly suggesting it should only be used for implementing legacy protocols which explicitly need coordinate access
- Feature is hidden from https://docs.rs to discourage (mis)use
- Coordinates are represented using a `FieldElementBytes` type alias which is also defined in the `legacy` module

/cc @nickray
Codecov Report
@@ Coverage Diff @@
## master #65 +/- ##
==========================================
- Coverage 81.46% 81.37% -0.10%
==========================================
Files 12 12
Lines 1392 1428 +36
==========================================
+ Hits 1134 1162 +28
- Misses 258 266 +8
738a829 to 1f1eaf7
I've been poking at using this in some local branches and thought I'd spell out the immediate concrete use cases for each of the coordinates.

ECDSA signing

Needs access to the x-coordinate. @nickray's quick 'n' dirty ECDSA signing implementation (#57) serializes the field element to an integer-as-bytestring and then reduces it to an element of the

```rust
// Geometrically, x-coordinate is an element of the base field.
// to_bytes lifts this to a big-endian integer.
// This integer is then reduced to an element of the scalar field (n < p).
let x_coordinate: [u8; 32] = ephemeral_point.x.to_bytes();
let r = Scalar::from_hash(x_coordinate);
```

ECDSA public key recovery

Needs access to the y-coordinate to compute the "recovery ID", but like point compression only really needs to know if the y-coordinate is odd.
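The two uses described in the comment above, worked through on a toy curve as an added example (not code from this PR or from the RustCrypto project): `r` is the x-coordinate reduced modulo the group order, and the recovery ID carries the parity of the y-coordinate. The curve parameters, function names and inputs are constructed for illustration. The example goes slightly beyond the comment by also recording in bit 1 of the ID whether x was at least n, which recovery needs in order to undo the reduction.

```rust
// Constructed toy parameters (not a real curve): y^2 = x^3 + 7 over F_43.
// The group has prime order 31, so n < p as on P-256 and x can exceed n.
const P: i64 = 43;
const N: i64 = 31;
type Pt = Option<(i64, i64)>; // affine (x, y); None is the point at infinity
const G: Pt = Some((2, 12));

// Inverse modulo a prime m via Fermat's little theorem: a^(m-2) mod m.
fn inv(a: i64, m: i64) -> i64 {
    (0..m - 2).fold(1, |acc, _| acc * a.rem_euclid(m) % m)
}

fn add(p: Pt, q: Pt) -> Pt {
    let ((x1, y1), (x2, y2)) = match (p, q) {
        (None, _) => return q,
        (_, None) => return p,
        (Some(a), Some(b)) => (a, b),
    };
    if x1 == x2 && (y1 + y2) % P == 0 { return None; } // p + (-p)
    let l = if p == q { 3 * x1 * x1 * inv(2 * y1, P) } else { (y2 - y1) * inv(x2 - x1, P) };
    let x3 = (l * l - x1 - x2).rem_euclid(P);
    Some((x3, (l * (x1 - x3) - y1).rem_euclid(P)))
}

fn mul(k: i64, p: Pt) -> Pt {
    (0..k.rem_euclid(N)).fold(None, |acc, _| add(acc, p))
}

// Returns (r, s, id). Bit 0 of id: R's y-coordinate is odd. Bit 1: x >= n.
fn sign(d: i64, z: i64, k: i64) -> Option<(i64, i64, u8)> {
    let (x, y) = mul(k, G)?;
    let r = x % N; // base-field x-coordinate reduced into the scalar field
    let s = (inv(k, N) * (z + r * d)).rem_euclid(N);
    if r == 0 || s == 0 { return None; } // retry with a fresh nonce
    Some((r, s, (y % 2) as u8 | ((x >= N) as u8) << 1))
}

fn recover(r: i64, s: i64, z: i64, id: u8) -> Pt {
    let x = r + N * (id >> 1) as i64; // undo the reduction when bit 1 is set
    // Toy field: search for y. Real code computes a modular square root.
    let on_curve = |y: &i64| (y * y - x * x * x - 7).rem_euclid(P) == 0;
    let y = (0..P).find(|y| on_curve(y) && (y % 2) as u8 == id & 1)?;
    mul(inv(r, N), add(mul(s, Some((x, y))), mul(-z, G))) // Q = r^-1 (sR - zG)
}

fn main() {
    let (r, s, id) = sign(5, 9, 3).expect("r or s was zero"); // constructed d=5, z=9, k=3
    println!("r={} s={} id={} Q={:?}", r, s, id, recover(r, s, 9, id));
}
```

With nonce k = 3 the ephemeral point is (35, 21), so x wraps to r = 4 and both ID bits are set. Flipping only the parity bit makes recovery return a different key, which is why the signer needs to see the y-coordinate at all.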
I prefer RustCrypto/signatures#96 to this PR for the purposes of ECDSA.
The If anyone is still interested in this feature, this PR needs to be reopened there.