FoundationKen
commented
3 years ago Hi Andrew! Thanks for taking the time to look into this.
I'll add this to my list of issues to investigate. A quick look suggests that we could probably replace the few places in the code where we do signing without much trouble (just map the calls through from MicroPython to C).
I'll need to spend some time reviewing the libsecp256k1 code and compare it with trezor to see what else might be possible.
I definitely appreciate you being open to changes to support embedded development (I also saw you were open to improvements for use in embedded/nostd use cases in your Rust library, which is great).
Cheers!
EvanWinget
jonathancross
Hi,
I wonder if this project has considered using libsecp256k1 rather than trezor-crypto? libsecp is entirely constant-time, uses no dynamic memory allocations (except when constructing a precomputation context, but you can do this in a fixed slab of memory if you want), has significantly more review cycles than any other cryptography library focused on secp256k1 EC crypto. It is focused purely on Bitcoin and Bitcoin applications and is used by Bitcoin Core.
If there are pain points related to using our library in an embedded context we'd like to hear about them -- over the last 18 months we've fixed a number of issues that had complicated the embedded development story, including making it possible to compile without any libc and simplifying the process of building the library without autotools (although the latter lacks documentation.).
Andrew