Closed onyb closed 4 years ago
cslashm
commented
4 years ago The initial goal of ECPy is to provide pure python ECC. Thus, adding various native dependencies is not really in the right way.
Also, note that ECPy is not a ledger dedicated library but a more general purpose lib.
Nonetheless we can discuss the needs of Ledger and why they needs libsodium/openssl.... and why dont use pure python everywhere.
I invite you to PM me in order to discuss
onyb
commented
4 years ago I agree with you. I realised that ecpy shows up as the first google search result for “pure python ecc library”, and therefore the original purpose of the package should not change. Additionally, ecpy supports more curves than most alternatives out there, so maybe the focus could be on readability and curve support.
Here are the curves supported by competing libraries:
Closing this issue.
The idea is to provide a common interface to do elliptic curve cryptography, and choose the "backend" at runtime based on how ecpy was installed.
This will allow us to centralise all cryptographic code in Python, used internally at Ledger, instead of having to maintain custom wrappers based on the use-case. Some examples are given below:
I think this also adds value to the open source community, by providing a generic wrapper for all elliptic curve operations.
Here's how the installation would look like:
Using pure Python primitives
Using libsecp256k1 for the said curve, and pure Python for rest
Using libsodium
Using openssl
Let me know if this is outside the scope of ECPy, and not something that we want to do.