dalek-cryptography / curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519

Implement `Reduce` trait #688

Open sushisilence opened 3 months ago

sushisilence commented 3 months ago

Inconsistent scalar reduction across different curve implementations

Context

I'm developing a threshold signing library that needs to be generic over different elliptic curves, specifically targeting k256 and curve25519-dalek. The library currently uses the Group trait for most operations, but I've encountered an issue with scalar reduction from U256.

Problem

When implementing generic operations like Discrete Log proofs, I need to reduce a U256 value to a curve scalar. However, there's inconsistency in how different curve implementations handle this:

There's no common trait that both curves implement for modular reduction, which complicates writing generic code.

Questions

  1. Are there plans to implement the Reduce trait for curve25519-dalek::Scalar?
  2. If not, is there a recommended workaround or best practice for handling this discrepancy in generic code?

Additional Information

Any guidance or suggestions would be greatly appreciated. Thank you!

tarcieri commented 3 months ago

See also: #492

sushisilence commented 3 months ago

For this specific case, I believe a quick Reduce<U256> and Reduce<U512> implementation should resolve it, which seems straightforward using the existing from_bytes_mod_order and from_bytes_mod_order_wide. It will also make progress towards #492. WDYT @tarcieri?
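Added example (not code from curve25519-dalek or from the commenter): a dependency-free Python model of what `Scalar::from_bytes_mod_order` (32 bytes) and `Scalar::from_bytes_mod_order_wide` (64 bytes) compute, with `reduce_u256` / `reduce_u512` as hypothetical analogues of the `Reduce<U256>` / `Reduce<U512>` impls proposed above. The modulus is the Ed25519 subgroup order l from RFC 8032; the helper names and the `preimage_count_u256` check are this example's own. It shows that the two widths agree on zero-extended inputs (so generic code can use either path consistently) and why the single-width reduction of a uniform 256-bit value is biased, which is the reason the wide variant exists for scalar sampling.

```python
# Added example; models the curve25519-dalek scalar reduction API in Python.
# Not project code. Function names mirror the Rust API for readability only.

# Ed25519 prime-order subgroup order (RFC 8032): l = 2^252 + c
C = 27742317777372353535851937790883648493
L = (1 << 252) + C


def from_bytes_mod_order(b: bytes) -> int:
    """Model of Scalar::from_bytes_mod_order: 32 little-endian bytes reduced mod l."""
    if len(b) != 32:
        raise ValueError("expected 32 bytes")
    return int.from_bytes(b, "little") % L


def from_bytes_mod_order_wide(b: bytes) -> int:
    """Model of Scalar::from_bytes_mod_order_wide: 64 little-endian bytes reduced mod l."""
    if len(b) != 64:
        raise ValueError("expected 64 bytes")
    return int.from_bytes(b, "little") % L


def reduce_u256(x: int) -> int:
    """Hypothetical Reduce<U256> analogue: a 256-bit integer -> scalar via the 32-byte path."""
    if not 0 <= x < (1 << 256):
        raise ValueError("value does not fit in U256")
    return from_bytes_mod_order(x.to_bytes(32, "little"))


def reduce_u512(x: int) -> int:
    """Hypothetical Reduce<U512> analogue: a 512-bit integer -> scalar via the 64-byte path."""
    if not 0 <= x < (1 << 512):
        raise ValueError("value does not fit in U512")
    return from_bytes_mod_order_wide(x.to_bytes(64, "little"))


def widths_agree(x: int) -> bool:
    """A U256 zero-extended to U512 must reduce to the same scalar on both paths."""
    return reduce_u256(x) == reduce_u512(x)


def preimage_count_u256(s: int) -> int:
    """Number of 256-bit inputs that reduce to the scalar s (0 <= s < l).

    2^256 = 15*l + (l - 16*c), so scalars below (2^256 mod l) have 16 preimages
    and the remaining ones have 15: reducing a uniform U256 mod l is biased by
    about 1/16. The 64-byte path has bias on the order of 2^-256, which is why
    uniform scalar sampling uses the wide reduction rather than the 32-byte one.
    """
    if not 0 <= s < L:
        raise ValueError("not a reduced scalar")
    return ((1 << 256) - 1 - s) // L + 1


if __name__ == "__main__":
    print("l =", hex(L))
    print("reduce_u256(l + 5) =", reduce_u256(L + 5))          # 5
    print("widths agree on 2^255+1:", widths_agree((1 << 255) + 1))
    print("preimages of 0 / l-1:", preimage_count_u256(0), preimage_count_u256(L - 1))
```

Note that neither path rejects non-canonical input (a 32-byte encoding of a value in [l, 2^256) is silently reduced); generic code that needs canonical-only parsing has to check that separately, as `Scalar::from_canonical_bytes` does in the Rust API.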

tarcieri commented 3 months ago

It could potentially be implemented, although elliptic-curve isn't currently a dependency and it might contain some assumptions about curves being of prime order.

mahmudsudo commented 1 month ago

Can I take on this?

sushisilence commented 1 month ago

I'm not working on it, so you can go for it!

mahmudsudo commented 1 month ago

Okay, thanks. Can I be assigned to it?