dalek-cryptography / curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519

`Scalar::from_bits` regression #547

Closed parazyd closed 1 year ago

parazyd commented 1 year ago

Hi. It seems in the latest release candidate, the Scalar::from_bits function introduced a regression.

My code can be found in https://github.com/darkrenaissance/darkfi/tree/master/script/research/x3dh and can be tested with cargo run --release inside this directory.

The actual location where the function is used is here: https://github.com/darkrenaissance/darkfi/blob/master/script/research/x3dh/src/xeddsa.rs#L54

This used to work up until I updated to 4.0.0-rc.3, and now signature verification is failing.

tarcieri commented 1 year ago

Scalar::from_bits is deprecated. Can you try migrating to e.g. EdwardsPoint::mul_base_clamped?

parazyd commented 1 year ago

Yes, I realise it's being deprecated, so this is why I am trying to update my code. I still however need to invert the private key if the Ed25519 public key sign bit is one. Is there any way I can do that with the raw bytes? https://github.com/darkrenaissance/darkfi/blob/master/script/research/x3dh/src/xeddsa.rs#L66

rozbb commented 1 year ago

Can you try:

use curve25519_dalek::scalar::{clamp_integer, Scalar};
// ...
// clamp the raw 32 bytes the way X25519 does, then reduce mod the group order
let scalar_k = Scalar::from_bytes_mod_order(clamp_integer(self.to_bytes()));
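
Added example, not code from this thread, from curve25519-dalek or from the darkfi project: a pure-Python re-implementation of the conversion suggested above (clamp the 32 raw bytes, then reduce mod the group order l) together with the sign-bit negation asked about earlier, with just enough RFC 8032 point arithmetic to derive the Ed25519 public key offline and without the crate. The names `xeddsa_signing_scalar`, `same_point_after_reduction` and `check_rfc8032_vector` are invented here; `clamp_integer` and `scalar_from_bytes_mod_order` mirror the two dalek functions named in the thread.

```python
# Added example (not curve25519-dalek or darkfi code): clamp -> reduce mod l ->
# negate-if-sign-bit-set, with minimal RFC 8032 Edwards arithmetic so the public
# key can be computed here. Helper names are invented for this example.
import hashlib

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of the base point
D = (-121665 * pow(121666, -1, P)) % P                 # Edwards constant d


def clamp_integer(b: bytes) -> bytes:
    """Same bit manipulation as curve25519_dalek::scalar::clamp_integer."""
    c = bytearray(b)
    c[0] &= 248          # clear low 3 bits (multiple of the cofactor 8)
    c[31] &= 127         # clear bit 255
    c[31] |= 64          # set bit 254
    return bytes(c)


def scalar_from_bytes_mod_order(b: bytes) -> int:
    """Equivalent of Scalar::from_bytes_mod_order: little-endian integer mod l."""
    return int.from_bytes(b, "little") % L


# --- minimal Ed25519 point arithmetic (extended coordinates), per RFC 8032 ---
def _add(p, q):
    x1, y1, z1, t1 = p
    x2, y2, z2, t2 = q
    a = (y1 - x1) * (y2 - x2) % P
    b = (y1 + x1) * (y2 + x2) % P
    c = 2 * t1 * t2 * D % P
    d = 2 * z1 * z2 % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)


def _mul(k: int, p):
    r = (0, 1, 1, 0)                    # neutral element
    while k:
        if k & 1:
            r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r


def _recover_x(y: int, sign: int) -> int:
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    if (x * x - x2) % P:
        raise ValueError("not on curve")
    return P - x if (x & 1) != sign else x


_BY = 4 * pow(5, -1, P) % P             # base point y = 4/5, x chosen even
_BX = _recover_x(_BY, 0)
BASE = (_BX, _BY, 1, _BX * _BY % P)


def ed25519_public_key(k: int) -> bytes:
    """Compressed encoding of k*B: y with the low bit of x stored in bit 255."""
    x, y, z, _ = _mul(k, BASE)
    zi = pow(z, -1, P)
    x, y = x * zi % P, y * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def xeddsa_signing_scalar(x25519_secret: bytes) -> tuple:
    """Invented helper: Ed25519 signing scalar for an X25519 private key,
    negated when the public key's sign bit is 1 so the key a verifier
    rebuilds from the Montgomery u-coordinate (sign bit 0) matches."""
    k = scalar_from_bytes_mod_order(clamp_integer(x25519_secret))
    pk = ed25519_public_key(k)
    if pk[31] & 0x80:                   # sign bit set: use -k mod l instead
        k = (-k) % L
        pk = ed25519_public_key(k)
    return k, pk


def same_point_after_reduction(x25519_secret: bytes) -> bool:
    """The unreduced clamped integer and its residue mod l give the same
    public key, because the base point has order l."""
    clamped = clamp_integer(x25519_secret)
    return ed25519_public_key(int.from_bytes(clamped, "little")) == \
        ed25519_public_key(scalar_from_bytes_mod_order(clamped))


def check_rfc8032_vector() -> bool:
    """Sanity-check the curve code against RFC 8032 Ed25519 test vector 1."""
    seed = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    a = clamp_integer(hashlib.sha512(seed).digest()[:32])
    expected = "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
    return ed25519_public_key(int.from_bytes(a, "little")).hex() == expected


if __name__ == "__main__":
    sec = bytes(range(32))              # constructed sample private key
    k, pk = xeddsa_signing_scalar(sec)
    print(check_rfc8032_vector(), same_point_after_reduction(sec), pk.hex())
```

Because the base point has order l, the clamped 255-bit integer and its residue mod l produce the same public key, which is what makes the clamp-then-`from_bytes_mod_order` path a drop-in replacement for base-point multiplication. Negating the scalar mod l leaves the y-coordinate of the public key unchanged and flips only the sign bit, so the check on `pk[31] & 0x80` is all that is needed to pick the right representative.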
parazyd commented 1 year ago

> Can you try:
>
> use curve25519_dalek::scalar::{clamp_integer, Scalar};
> // ...
> let scalar_k = Scalar::from_bytes_mod_order(clamp_integer(self.to_bytes()));

Ah yes, this works well! Thank you!

rozbb commented 1 year ago

Great to hear! Closing