Closed mahnunchik closed 1 year ago
https://github.com/paulmillr/noble-curves/discussions/33
For the compatability with elliptic implementation
key.slice(0, 32)
But sha512(secret) !== sha512(secret.slice(0, 32))
if secret has more then 32 bytes
Elliptic is wrong here. It's not standard. Other libraries who have 64-byte private keys split it into 32-byte secret and 32-byte public. If elliptic implements it like you've said, it has behavior which radically differs from everyone else.
Moreover, as you may know, elliptic eddsa implementation is broken, produces invalid results, and is not secure.
Allow more than 32 bytes to be passed as private key (seed) to Edwards curves.
For the compatability with elliptic implementation it would be helpful to be able to pass more then 32 bytes (64 bytes in my case) as a secret.
Edwards curves use a hash of the secret, so more bytes don't reduce security.
https://github.com/paulmillr/noble-curves/blob/62e806cfaf961f58161382351f4def4c0345fbd9/src/abstract/edwards.ts#L421
Preposed solution: