The Order() routine in the spec is only 'consumed' by the definition of the hash functions (H4 etc) and routines like DeserializeScalar(), so it's basically not really a part of the public API, we should remove it.
The order is all over the place but in restricting polynomial coordinates and nonce values etc, which are represented fine in our types (Scalar etc).
This specifically impacts p256: Scalar should only be required to represent anything in 0 <= x < n while order() is n. (This will indeed be the case in P-256 since the p256 crate does not support representing values out of the range).
The Order() routine in the spec is only 'consumed' by the definition of the hash functions (H4 etc) and routines like DeserializeScalar(), so it's basically not really a part of the public API, we should remove it.
The order is all over the place but in restricting polynomial coordinates and nonce values etc, which are represented fine in our types (
Scalar
etc).This specifically impacts p256:
Scalar
should only be required to represent anything in 0 <= x < n whileorder()
is n. (This will indeed be the case in P-256 since the p256 crate does not support representing values out of the range).Group::order()
fromfrost-core
frost-ristretto255
frost-p256