Future of dalek-ff-group #201
Labels: cryptography (An issue involving cryptography/a cryptographic library), discussion (This requires discussion)
Comments
kayabaNerve added the discussion and cryptography labels on Jan 4, 2023
The ff/group PR is being pushed back to 4.1.
It may happen soon, see
@pinkforest I'm aware. Thanks for chiming in :)
It's merged and in 4.1
ACK. I'm blocked on ZcashFoundation/ed25519-zebra#94.
Did partially move over, yet larger edits pending 579 and possibly 580.
The above blockers were resolved. We may be able to remove the custom point wrappers as soon as a new point release is made.
dalek-ff-group is intended to offer ff/group bindings to dalek.
Currently, it's on ff/group 0.12.0. While I wish we could've upgraded to 0.13.0 prior to submitting for auditing, we would've had to update the entire project, and k256/p256 aren't ready yet. Migrating from 0.12.0 to 0.13.0 also shouldn't be the hardest thanks to ff-group-tests. dalek-ff-group does have to be updated, though, once k256/p256 are.
Depending on dalek-cryptography/curve25519-dalek#473 and the timeline of dalek-cryptography/curve25519-dalek#405, however, dalek-ff-group may be deprecatable in favor of the provided Scalar/SubgroupPoint. I'd have to double check, as dalek-ff-group technically has the... intended unsafe behavior of supporting non-prime-order points if manually constructed, which may be needed by the Monero lib for compliance there (though we should be able to work around that). Moving this out of our scope would be great.
There is the caveat that dalek-ff-group also offers the Ed25519 field over ff, as needed for the Monero hash-to-curve function. Even if we can re-export Scalar/SubgroupPoint without issue, dalek-cryptography/curve25519-dalek#389 is the issue for exposing the FieldElement API. It isn't a priority, somewhat understandably. I may look into doing a PR to expose it later, as not only would it allow complete deprecation of dalek-ff-group, but it would also solve #68.
While it is somewhat unfortunate to discuss deprecation so soon after auditing, I'll note it was relatively small to audit (thankfully), and I'm unsure of the timeline for the above items. Historically, curve25519-dalek has had issues maintaining support. While 4.0 seems around the corner, hopefully with ff/group support, a further PR to expose the FE may be met with controversy. Considering the main reason for auditing dalek-ff-group was because it implemented that field itself... the overall premise/reasoning/benefit holds.