LoupVaillant / Monocypher

An easy to use, easy to deploy crypto library
https://monocypher.org
Other
580 stars 80 forks

Any equivalent of Sodium's `crypto_scalarmult`? #229

snej closed 2 years ago

snej commented 2 years ago

To reimplement SecretHandshake with Monocypher, it looks like I'd need an equivalent of libsodium's `crypto_scalarmult` function. Monocypher doesn't seem to expose anything similar, and I know little about elliptic curves so I can't tell if there's something comparable buried inside the code. Any ideas?

snej commented 2 years ago

FYI, the Secret Handshake algorithm is described in this paper, pp. 9-11. The synopsis is:

[Screenshot of the algorithm synopsis; image not reproduced here]

I assume the "a . b" parts are where `crypto_scalarmult` comes in.

fscoto commented 2 years ago

This is untested, but seems like it should check out:

Monocypher's `crypto_x25519` should be completely compatible with `crypto_scalarmult`. Monocypher's `crypto_x25519_public_key` should be completely compatible with `crypto_scalarmult_base`. Give it a quick test with random values.

See also: `tests/gen/x25519.c`, which tests libsodium compat on this.

LoupVaillant commented 2 years ago

I can confirm that:

As @fscoto noted, this compatibility is enforced by the test suite.

Libsodium and Monocypher have different philosophies for naming, hence the name difference: I went with describing the official name of the primitive whenever applicable, while Libsodium went with "higher level" sounding names whenever applicable.

snej commented 2 years ago

Thanks!
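
An added example, not part of the thread and not code from Monocypher or libsodium: a pure-Python X25519 following RFC 7748, usable as a third reference when cross-checking the `crypto_x25519` / `crypto_scalarmult` and `crypto_x25519_public_key` / `crypto_scalarmult_base` pairs discussed above. The Python function names and the all-zero check in `shared_secret` are this example's own assumptions; the two secret keys are the published RFC 7748 test vectors.

```python
# Added reference example: X25519 per RFC 7748. Not constant-time; for cross-checking outputs only.
P, A24 = 2**255 - 19, 121665         # field prime; (486662 - 2) / 4
BASE_U = (9).to_bytes(32, "little")  # u-coordinate of the base point

def clamp(scalar: bytes) -> int:
    """Decode a 32-byte scalar the way RFC 7748 decodeScalar25519 does."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")

def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """scalar * point: the operation behind crypto_x25519 / crypto_scalarmult."""
    if len(scalar) != 32 or len(u_bytes) != 32:
        raise ValueError("scalar and u-coordinate must be 32 bytes each")
    k = clamp(scalar)
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)  # top bit ignored
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):  # Montgomery ladder, one step per scalar bit
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def x25519_public_key(secret: bytes) -> bytes:
    """scalar * base point: crypto_x25519_public_key / crypto_scalarmult_base."""
    return x25519(secret, BASE_U)

def shared_secret(secret: bytes, their_public: bytes) -> bytes:
    """The "a . b" step; rejects the all-zero output a low-order point produces."""
    out = x25519(secret, their_public)
    if out == bytes(32):
        raise ValueError("all-zero shared secret (low-order public key)")
    return out

# RFC 7748 section 6.1 secret keys (published test vectors, not real keys)
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
```

Feeding the same 32-byte inputs to both C libraries and to this reference should give byte-identical outputs.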