dalek-cryptography / curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519

Missing `Scalar::from_bits_clamped` #537

Closed mrain closed 1 year ago

mrain commented 1 year ago

This function has been provided since fedb145. May I ask why it's not included in the newest release, 4.0.0-rc3?

rozbb commented 1 year ago

Hi Chengyu. This was the result of a long discussion. The top of the thread in https://github.com/dalek-cryptography/curve25519-dalek/pull/519 is a good starting point.

The TL;DR is that Scalars constructed this way weren't actually field elements because they could exceed the modulus. This led to lower performance and higher complexity. So we killed the constructor and outlined some alternatives.
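As an added illustration of the point above (example code written for this page, not curve25519-dalek's own API), the following stand-alone Rust checks the arithmetic: RFC 7748 clamping clears the low three bits, clears bit 255 and sets bit 254, so the encoded integer is always at least 2^254, which is above the group order ℓ = 2^252 + 27742317777372353535851937790883648493. Reducing such a value mod ℓ yields a canonical scalar, but because ℓ is odd the reduced value is in general no longer a multiple of 8, so a scalar cannot be both clamped and canonical. The byte-level comparison and subtraction helpers are variable-time and exist only to make the example self-contained.

```rust
// Added illustration, not curve25519-dalek code: why clamped bytes are not a
// canonical scalar mod the group order l, and what reducing them mod l does.

/// Order l of the prime-order subgroup of Curve25519, little-endian bytes:
/// l = 2^252 + 27742317777372353535851937790883648493.
pub const L: [u8; 32] = [
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
];

/// RFC 7748 clamping: clear low 3 bits, clear bit 255, set bit 254.
pub fn clamp(mut bytes: [u8; 32]) -> [u8; 32] {
    bytes[0] &= 248;
    bytes[31] &= 127;
    bytes[31] |= 64;
    bytes
}

/// Little-endian unsigned comparison a >= b (variable-time, demo only).
fn ge_le(a: &[u8; 32], b: &[u8; 32]) -> bool {
    for i in (0..32).rev() {
        if a[i] != b[i] {
            return a[i] > b[i];
        }
    }
    true
}

/// Little-endian a - b, assuming a >= b (variable-time, demo only).
fn sub_le(a: &[u8; 32], b: &[u8; 32]) -> [u8; 32] {
    let mut out = [0u8; 32];
    let mut borrow: i16 = 0;
    for i in 0..32 {
        let d = a[i] as i16 - b[i] as i16 - borrow;
        if d < 0 {
            out[i] = (d + 256) as u8;
            borrow = 1;
        } else {
            out[i] = d as u8;
            borrow = 0;
        }
    }
    debug_assert_eq!(borrow, 0, "sub_le called with a < b");
    out
}

/// A 32-byte string is a canonical scalar iff its integer value is < l.
pub fn is_canonical(bytes: &[u8; 32]) -> bool {
    !ge_le(bytes, &L)
}

/// Reduce mod l by repeated subtraction; returns (residue, quotient).
/// Inputs are < 2^256 and l > 2^252, so this loops at most 15 times.
pub fn reduce_mod_l(bytes: [u8; 32]) -> ([u8; 32], u32) {
    let mut v = bytes;
    let mut q = 0u32;
    while ge_le(&v, &L) {
        v = sub_le(&v, &L);
        q += 1;
    }
    (v, q)
}

fn main() {
    // Constructed input: the all-zero seed, the smallest possible clamped value.
    let clamped = clamp([0u8; 32]);
    let (reduced, q) = reduce_mod_l(clamped);
    println!("clamped canonical?  {}", is_canonical(&clamped));
    println!("reduced canonical?  {} (subtracted l {} times)", is_canonical(&reduced), q);
    println!("reduced low bits    {:#05b} (clamping required 000)", reduced[0] & 7);
}
```

Running the example shows that the all-zero seed clamps to 2^254, which is 3ℓ + (ℓ − 4k) with k = ℓ − 2^252, so reduction subtracts ℓ three times and leaves a residue whose low three bits are 001 rather than the 000 that clamping guarantees.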

mrain commented 1 year ago

Thank you for the quick response! I'll check the discussion.