betrusted-io / betrusted-soc

Betrusted main SoC design

secp256k1 crypto core #24

Open ediliziosantrapa opened 3 years ago

ediliziosantrapa commented 3 years ago

I assume this is out of scope for now, and it may be more appropriate bundled in the other crypto issue...

Alongside Ed25519, certain cryptocurrencies also require secp256k1 to perform adequately. Grin, for example, which is arguably the most cypherpunk currency, with a core value of maximum simplicity and original code written entirely in Rust, needs secp256k1.

vmedea commented 3 years ago

There is a FOSS secp256k1 core (verification only, no signing) here: https://github.com/ZcashFoundation/zcash-fpga/tree/master/zcash_fpga/src/rtl/secp256k1

bunnie commented 3 years ago

Awesome, thanks for the link. Will keep this in mind ...

However, some have also noted that the frequency of secp256k1 operations is relatively low for cryptocurrency transactions, and so it may be fine to do it in software. The main reason for the Curve25519 stuff to be in hardware is because the double-ratchet pubkey operation could potentially happen every chat message (~1/second max rate), which is orders of magnitude more frequent, I gather, than the rate of verification and signing for cryptocurrency?

vmedea commented 3 years ago

I agree. The zcash FPGA project aimed to speed up validation of the entire block chain, which is a lot of signatures. This requires powerful hardware in general, and a lot of memory.

A hardware wallet app would do signing at the user's request, possibly validation for checking their own transactions. This is very low frequency and just as well handled in software.