ineiti
commented
4 years ago Hi Ian,
from what I know, there are currently no plans to do this. But if you want to give it a shot, I'm sure it would be accepted as a PR ;)
The *25519 groups in this library per default also only use 1/8 of the available points (and scalars), which is parametrizable using the subgroup parameter: https://github.com/dedis/kyber/blob/cf1d7f3a955c4dff40bf5b1b27576ea9713569a8/group/curve25519/suite.go#L59
Hello,
As usual, many thanks for the most fantastic crypto construction Go library out there!
Are there any plans for Ristretto support? The group is
ristretto255, which is built on top of Curve25519, so I assume this shouldn't be too hard to implement it in the current framework. Apparently, there are arguments in favour of usingristretto255, as opposed toed25519, but I don't strictly understand what the benefits are. Am I right to assume thatristretto255only uses 1/8 of the points, thus somehow eliminating the risk of malleability?Cheers, Ian