contracts: add curve25519 pk precompile #116
{
    bytes memory scalar = randomBytes(32, pers);
    // Twiddle some bits, as per RFC 7748 §5.
    scalar[0] &= 0xf8; // Make it a multiple of 8 to avoid small subgroup attacks.
It is unnecessary to perform a scalar clamp here. The curve25519-dalek library does it when casting bytes32 to a field element.
Via:
- https://github.com/oasisprotocol/oasis-sdk/blob/main/runtime-sdk/modules/evm/src/precompile/confidential.rs#L112
- https://github.com/dalek-cryptography/x25519-dalek/blob/main/src/x25519.rs#L253
- https://github.com/dalek-cryptography/curve25519-dalek/blob/a63e14f4ded078d6bf262ba0b3f47026bdd7f7c0/src/scalar.rs#L300
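The clamp the reviewer refers to, written out as an added example in plain Rust with no external crates (this is not code from the PR, from the Sapphire precompile, or from the dalek libraries): it implements the RFC 7748 §5 bit twiddling and checks that applying it twice gives the same bytes as applying it once. That idempotence is why a contract-side clamp before the precompile is redundant once the Rust side clamps: it cannot change the outcome, it only costs gas. `sample_bytes` is a constructed deterministic filler standing in for `randomBytes`, not a random source.

```rust
// RFC 7748 §5 scalar clamping, shown here as an added example (not code from
// the PR or from curve25519-dalek/x25519-dalek) to make the reviewer's point
// concrete: the clamp is idempotent, so clamping in Solidity and then again in
// the Rust precompile yields exactly the same scalar as clamping once.

/// Clamp a 32-byte X25519 private scalar as RFC 7748 §5 prescribes:
/// clear the three low bits of byte 0 (forces a multiple of 8, removing any
/// small-subgroup component), clear the top bit of byte 31, set bit 6 of byte 31.
pub fn clamp_scalar(mut s: [u8; 32]) -> [u8; 32] {
    s[0] &= 0xf8;
    s[31] &= 0x7f;
    s[31] |= 0x40;
    s
}

/// True if `s` already satisfies all three clamping conditions.
pub fn is_clamped(s: &[u8; 32]) -> bool {
    s[0] & 0x07 == 0 && s[31] & 0x80 == 0 && s[31] & 0x40 != 0
}

/// The redundancy argument in one function: clamping an already clamped
/// scalar is a no-op, for any input.
pub fn clamp_is_idempotent(s: [u8; 32]) -> bool {
    let once = clamp_scalar(s);
    clamp_scalar(once) == once
}

/// Constructed sample bytes from a tiny LCG so the example runs offline.
/// This is NOT a CSPRNG; a real key comes from the runtime's RNG
/// (the `randomBytes` call in the contract).
pub fn sample_bytes(seed: u32) -> [u8; 32] {
    let mut x = seed;
    let mut out = [0u8; 32];
    for b in out.iter_mut() {
        x = x.wrapping_mul(1664525).wrapping_add(1013904223);
        *b = (x >> 24) as u8;
    }
    out
}

fn main() {
    let raw = sample_bytes(1);
    let clamped = clamp_scalar(raw);
    println!("raw[0]={:#04x} raw[31]={:#04x}", raw[0], raw[31]);
    println!("clamped[0]={:#04x} clamped[31]={:#04x}", clamped[0], clamped[31]);
    println!("is_clamped(raw)={} is_clamped(clamped)={}", is_clamped(&raw), is_clamped(&clamped));
    println!("clamp twice == clamp once: {}", clamp_is_idempotent(raw));
}
```

`is_clamped` is the property a reviewer can assert on the scalar the precompile actually uses; if the Rust side already guarantees it, the Solidity `scalar[0] &= 0xf8` line adds nothing.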
Nice catch, thanks! Can you open up a PR with the proposed fix (removing the scalar clamp)?
@@ -14,12 +14,17 @@ library Sapphire { | |||
0x0100000000000000000000000000000000000003; | |||
address private constant DECRYPT = | |||
0x0100000000000000000000000000000000000004; | |||
address private constant GENERATE_KEYPAIR = | |||
address private constant GENERAGE_SIGNING_KEYPAIR = |
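Review bot: the new constant on the last line of this hunk is misspelled `GENERAGE_SIGNING_KEYPAIR`; rename it `GENERATE_SIGNING_KEYPAIR` so it matches the spelling of the adjacent `GENERATE_KEYPAIR` constant and the operation it addresses. The hunk as shown also ends at the `=` of both new declarations, so the precompile addresses assigned to them are not visible here; confirm in the full diff that each gets its own distinct `0x0100...` address and that neither reuses `...0003` or `...0004`, which the preceding constants already occupy.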
Should be GENERATE_SIGNING_KEYPAIR
Indeed! Can you open up a PR with the fix? Thanks a lot!