Closed snej closed 2 years ago
FYI, the Secret Handshake algorithm is described in this paper, pp.9-11. The synopsis is:
I assume the "a . b" parts are where crypto_scalarmult
comes in.
This is untested, but seems like it should check out:
Monocypher's crypto_x25519
should be completely compatible with crypto_scalarmult
. Monocypher's crypto_x25519_public_key
should be completely compatible with crypto_scalarmult_base
. Give it a quick test with random values.
See also: tests/gen/x25519.c
, which tests libsodium compat on this.
I can confirm that:
crypto_x25519()
is compatible with Libsodium's crypto_scalarmult()
crypto_x25519_public_key
is compatible with crypto_scalarmult_base()
As @fscoto noted, this compatibility is enforced by the test suite.
Libsodium and Monocypher have different philosophies for naming, hence the name difference: I went with describing the official name of the primitive whenever applicable, while Libsodium went with "higher level" sounding names whenever applicable.
Thanks!
To reimplement SecretHandshake with Monocypher, it looks like I'd need an equivalent of libSodium's
crypto_scalarmult
function. Monocypher doesn't seem to expose anything similar, and I know little about elliptic curves so I can't tell if there's something comparable buried inside the code. Any ideas?