paulmillr / noble-curves

Audited & minimal JS implementation of elliptic curve cryptography.
https://paulmillr.com/noble
MIT License

ed25519: fix edwardsToMontgomery formula; implement edwardsToMontgomeryPriv #32

Closed mirceanis closed 1 year ago

mirceanis commented 1 year ago

fixes #31

This fixes the formula used in edwardsToMontgomery. I also implemented the equivalent transformation for private keys edwardsToMontgomeryPriv and added a bunch of tests.

Is there a reason ed25519-addons.test.js wasn't being run during npm test? I included it as well.

My IDE rearranged the imports and whitespace to fit prettier rules. If that's an issue I can revert.

ukstv commented 1 year ago

@mirceanis Hahaha, was about to make a PR for exactly the same issue! Discovered wrong formula while trying to replace stablelib dependencies with @noble/curves. You made it first!

ukstv commented 1 year ago

Hey @paulmillr do you think you could address the issue we discovered here so that we could further adopt noble-crypto in DID-related realm?

paulmillr commented 1 year ago

Thanks,

Could you add an alias for edwardsToMontgomery called edwardsToMontgomeryPub? We will keep the old name for backwards compat for now.

I also assume the new priv function is the same as ed25519.utils.getExtendedPublicKey().head? And could be replaced with it?

paulmillr commented 1 year ago

renamed manually
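The conversion discussed in this thread, as an added example that is not code from the PR or from noble-curves: it maps an Ed25519 public key with the standard birational map u = (1 + y) / (1 - y), derives the X25519 scalar as the clamped first half of SHA-512(seed), and uses Node's built-in crypto to check that the two results belong to the same key pair. The function names and the seed are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const P = 2n ** 255n - 19n; // Curve25519 field prime
const mod = (a) => ((a % P) + P) % P;

// Square-and-multiply; the field inverse of a is a^(P-2) by Fermat's little theorem.
function powMod(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}

// Public key: read the Edwards y-coordinate (little-endian, x sign bit cleared)
// and map it to the Montgomery u-coordinate u = (1 + y) / (1 - y) mod P.
function edPubToX25519(edPub) {
  const le = Buffer.from(edPub); // copy, so the caller's key is not modified
  le[31] &= 0x7f;
  const y = BigInt('0x' + Buffer.from(le).reverse().toString('hex'));
  const u = mod((1n + y) * powMod(1n - y, P - 2n));
  return Buffer.from(u.toString(16).padStart(64, '0'), 'hex').reverse();
}

// Private key: first 32 bytes of SHA-512(seed), clamped as in RFC 7748.
function edSeedToX25519(seed) {
  const head = crypto.createHash('sha512').update(seed).digest().subarray(0, 32);
  head[0] &= 248;
  head[31] = (head[31] & 127) | 64;
  return Buffer.from(head);
}

// Wrap a raw 32-byte private key in PKCS#8 and let Node derive the raw public key.
// oidByte selects the algorithm: '70' = Ed25519 (1.3.101.112), '6e' = X25519 (1.3.101.110).
function rawPublicKey(oidByte, rawPriv) {
  const prefix = Buffer.from('302e020100300506032b65' + oidByte + '04220420', 'hex');
  const der = Buffer.concat([prefix, rawPriv]);
  const priv = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return crypto.createPublicKey(priv).export({ format: 'der', type: 'spki' }).subarray(-32);
}

// True when the converted public key is the X25519 public key of the converted private key.
function conversionsAgree(seed) {
  const edPub = rawPublicKey('70', seed);
  const xPub = rawPublicKey('6e', edSeedToX25519(seed));
  return edPubToX25519(edPub).equals(xPub);
}

const seed = Buffer.alloc(32, 7); // constructed test seed, not a real key
console.log('conversions agree:', conversionsAgree(seed));
```

A wrong public-key formula makes `conversionsAgree` return false, which is the kind of regression test that catches the issue this PR addresses.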