
elliptic-curve: add Invert trait #228

Merged (1 commit), Jul 28, 2020

Conversation

tarcieri
Member

Add a trait for performing scalar/field inversions.

The main motivation for this is to allow for things like a BlindedScalar type which uses random blinding for either efficiency reasons (to allow a vartime inversion) and/or as a side-channel defense.

@tarcieri tarcieri requested a review from nickray July 28, 2020 16:41
@tarcieri
Member Author

tarcieri commented Jul 28, 2020

@nickray FYI, my intended use for this is to remove masking_scalar from the SignPrimitive API.

Instead we can have something like a BlindedScalar type constructed from a Scalar and a CryptoRng which supports an Into<Scalar> conversion, but whose Invert::invert() impl can use the vartime inversion. If we have that, it can be passed in lieu of a Scalar as the ephemeral_scalar.

I think if we prototype that in the p256 crate, we could potentially hoist it into this crate and have a generic BlindedScalar implementation that works with any curve.

Add a trait for performing scalar/field inversions.

The main motivation for this is to allow for things like `BlindedScalar`
type which use random blinding for either efficiency reasons (to allow a
vartime inversion) and/or as a side-channel defense.
@tarcieri tarcieri force-pushed the elliptic-curve/invert-trait branch from 4d38482 to 151058a Compare July 28, 2020 16:47
@tarcieri tarcieri merged commit f8a916b into master Jul 28, 2020
@tarcieri tarcieri deleted the elliptic-curve/invert-trait branch July 28, 2020 16:50
@nickray
Member

nickray commented Jul 28, 2020

The intended use is an interesting approach - I like it!

So far I have never used any RNG traits (felt too implicit, I like to see exactly where entropy is consumed), but I would be interested to see how you'd do this! Oh, and my last attempt at field traits failed too 😅.

@nickray
Member

nickray commented Jul 28, 2020

I wonder how, for practical purposes, this CtOption approach compares to restricting the domain of this trait to just invertible elements?

@tarcieri
Member Author

I didn't put a whole lot of thought into this trait, and for me it's mostly a means to an end for implementing RustCrypto/elliptic-curves#99.

It's mostly a trait extraction of what exists in the p256 and k256 codebases, for both Scalar and FieldElement. I only impl'd it on the former, since that's all I care about for RustCrypto/elliptic-curves#99.

I'll make a note of it in RustCrypto/elliptic-curves#22 as I'm sure there's some prior art here I've overlooked (or potentially another crate we can source the trait from).
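The following is an added example, not code from the elliptic-curve crate or from this PR. It sketches, on a constructed toy prime field (the Mersenne prime 2^61 - 1, standing in for a real scalar field), the two designs discussed in this thread: the `Invert` trait with an optional output (the crate uses `subtle::CtOption`; plain `Option` stands in here so the block has no dependencies), and the proposed `BlindedScalar`, built from a `Scalar` and an RNG, convertible via `Into<Scalar>`, whose `Invert` impl uses a variable-time extended-Euclid inversion because it only ever runs on the randomly masked product. The `XorShift64` generator is a constructed stand-in for a `CryptoRng` and is not cryptographic; `invert_ct`, `invert_vartime`, `select` and the field names are hypothetical. It also shows how the `CtOption`-style output answers the zero case nickray asks about: a zero scalar blinds to a zero product and surfaces as `None` rather than being excluded at the type level.

```rust
// Added example, not part of the RustCrypto elliptic-curve crate or this PR.
/// Constructed toy modulus: the Mersenne prime 2^61 - 1.
const P: u64 = (1u64 << 61) - 1;

/// Constant-time select: returns `a` when `bit == 1`, else `b`.
fn select(bit: u64, a: u64, b: u64) -> u64 {
    let mask = 0u64.wrapping_sub(bit & 1);
    (a & mask) | (b & !mask)
}

/// Toy scalar in Z_P, standing in for a curve's `Scalar` type.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Scalar(pub u64);

impl Scalar {
    pub fn new(v: u64) -> Self { Scalar(v % P) }
    pub fn is_zero(self) -> bool { self.0 == 0 }
    pub fn mul(self, rhs: Scalar) -> Scalar {
        Scalar(((self.0 as u128 * rhs.0 as u128) % (P as u128)) as u64)
    }

    /// Fermat inversion a^(P-2): a fixed 61 iterations with branch-free
    /// select, so the work done does not depend on the value of `self`.
    pub fn invert_ct(self) -> Option<Scalar> {
        let (mut result, mut base, mut e) = (Scalar(1), self, P - 2);
        for _ in 0..61 {
            let prod = result.mul(base);
            result = Scalar(select(e & 1, prod.0, result.0));
            base = base.mul(base);
            e >>= 1;
        }
        // Real code returns CtOption keyed on an `is_zero` Choice instead.
        if self.is_zero() { None } else { Some(result) }
    }

    /// Extended Euclid: faster, but its quotient sequence and iteration count
    /// depend on the operand, so it leaks through timing. Safe only on a
    /// value that is already uniformly random, such as a blinded product.
    pub fn invert_vartime(self) -> Option<Scalar> {
        if self.is_zero() { return None; }
        let (mut old_r, mut r) = (self.0 as i128, P as i128);
        let (mut old_s, mut s) = (1i128, 0i128);
        while r != 0 {
            let q = old_r / r;
            let next_r = old_r - q * r;
            old_r = r; r = next_r;
            let next_s = old_s - q * s;
            old_s = s; s = next_s;
        }
        // P is prime and self != 0, so gcd is 1 and old_s * self == 1 mod P.
        Some(Scalar(old_s.rem_euclid(P as i128) as u64))
    }
}

/// The trait from the PR, with `Option` standing in for `CtOption`.
pub trait Invert {
    type Output;
    fn invert(&self) -> Option<Self::Output>;
}

impl Invert for Scalar {
    type Output = Scalar;
    fn invert(&self) -> Option<Scalar> { self.invert_ct() }
}

/// Constructed stand-in for a `CryptoRng` (xorshift64): NOT cryptographic.
pub struct XorShift64(pub u64);
impl XorShift64 {
    pub fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Hypothetical sketch of the proposed `BlindedScalar`: the scalar together
/// with a random nonzero mask drawn from the RNG at construction time.
pub struct BlindedScalar { scalar: Scalar, mask: Scalar }

impl BlindedScalar {
    pub fn new(scalar: Scalar, rng: &mut XorShift64) -> Self {
        let mask = loop {
            let cand = Scalar::new(rng.next_u64());
            if !cand.is_zero() { break cand; }
        };
        BlindedScalar { scalar, mask }
    }
}

impl From<BlindedScalar> for Scalar {
    fn from(b: BlindedScalar) -> Scalar { b.scalar }
}

impl Invert for BlindedScalar {
    type Output = Scalar;
    /// (s*r)^-1 * r = s^-1. The vartime algorithm only sees s*r, which is
    /// uniformly random for nonzero s; a zero s gives a zero product -> None.
    fn invert(&self) -> Option<Scalar> {
        self.scalar.mul(self.mask).invert_vartime().map(|x| x.mul(self.mask))
    }
}
```

With this shape, a signing primitive can take a `BlindedScalar` in place of a `Scalar` for the ephemeral value: `Into<Scalar>` hands back the unmasked scalar where the algorithm needs it, while `Invert::invert()` never exposes the secret operand to the variable-time routine.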
