Closed dconnolly closed 2 years ago
Pretty sure curve25519-dalek does the correct thing and Scalar
allows zero under the hood:
https://github.com/dalek-cryptography/curve25519-dalek/blob/main/src/scalar.rs
And we use Scalar::random()
to generate and do filter the result.
https://github.com/ZcashFoundation/frost/blob/main/frost-ristretto255/src/frost/keys.rs#L186
Per https://github.com/cfrg/draft-irtf-cfrg-frost/pull/130