hannesm
commented
7 months ago The good news is that the primitives (finite element operations) can be generated by fiat-crypto.
The missing bits are the group operations, and the DSA/DH (depending on what you need) on top of it -- this was easy (available) for the r1 curves (point_operations.h / inversion_template.h) -- if you find corresponding code somewhere in the public domain (under a permissive license), that should be straightforward. Maybe you want to follow up on https://github.com/mit-plv/fiat-crypto/issues/1444? Or follow the discussion over there to find the right code?
I won't have much time to look into this, unfortunately.
https://github.com/mirage/mirage-crypto/pull/101 says it requires "more thorough investigation"
is it planned?