[Question] Options for SHA256, ECC

[alberk8]

Hi, I really like your library implementation, just two files pure and simple. Is it possible to include optional, common sha256, ECC kobliz and NIST for signing?. Thank you.

[LoupVaillant]

Hi,

It's technically possible, but that's out of scope. Monocypher aims to be simple and to the point. Compatibility with other systems is not really a goal.

SHA-512 and Ed25519 are an exception, because the let me test Monocypher with reputable test vectors (I then added HMAC so SHA-512 users have a keyed mode just like Blake2b). If I had a reliable way to test EdDSA without relying on existing test vectors, Monocypher wouldn't support SHA-512 at all.

SHA-256 can't be justified the same way. I already have my test vectors, nobody is using EdDSA with SHA-256, and it's slow. It's easier on 32-bit machines, but if I cared about that I'd use Blake2s or Blake3, which are faster.

As for Koblitz curves and NIST (I think you meant ECDSA?): Monocypher already has ECC and signatures, and implementing those curve would not reuse any of Monocypher's code: the arithmetic is different (binary field), the equations are different, and the signature protocol is different. Even if I wanted to implement them (it's a lot of work, so I really don't) I would do so in a separate project.

Loup.

[alberk8]

Thank you for the comprehensive reply. I guess for what I am asking I have to look at mbedTLS. By the way, your solution is so elegant. I am not a C programmer but your code is so easy to read. Thank you for the project.

[LoupVaillant]

Readability of the code was an important goal of mine, glad you liked it.

Closing this now, I hope you find what you need.