search

cfrg / draft-irtf-cfrg-frost

Other
22 stars 9 forks source link

FROST(ristretto255, SHA-512) feedback #260

Closed chris-wood closed 2 years ago

chris-wood commented 2 years ago

From @pornin:

FROST(ristretto255, SHA-512)

Same comment about scalar decoding as for Ed25519.

Here, DeserializeElement() does NOT reject the identity (either as a
public key or as a commitment). It is weird to explicitly reject it
for Ed25519 and Ed448 (in contradiction with RFC 8032) and not
reject it for ristretto255 (where there is no existing signature
standard that should be adhered to for interoperability). I would
have expected the opposite (accept the identity for Ed25519 and
Ed448 because of interoperability issues, but reject it for
ristretto255 because the identity is a really daft public key).
chris-wood commented 2 years ago

This should be addressed now.