w3f / schnorrkel

Schnorr VRFs and signatures on the Ristretto group
BSD 3-Clause "New" or "Revised" License
314 stars 93 forks source link

Publish a new version? #63

Closed tomaka closed 3 years ago

tomaka commented 3 years ago

The latest version has been published back in March 2020, around 10 months ago. The diff is starting to be quite substantial: https://github.com/w3f/schnorrkel/compare/156b84d6b49c43b49d38869a355a472ce9f30ef3...master

burdges commented 3 years ago

Agreed, thanks for reminding me, although those changes all look quite minor, except the rename from VRFOutput to VRFPreOut impacts downstream crates. I should probably add

#[deprecated(
    since = "0.9.2",
    note = "Please use VRFPreOut instead of VRFOutput"
)]
pub type VRFOutput = VRFPreOut;

I'd wanted to rewrite musig.rs too, or really pull in all isis' much nicer version from https://github.com/isislovecruft/frost-dalek/ but maybe this could be yet another version.

tomaka commented 3 years ago

It would be great to also bump merlin to 3.0.0. Apparently there were no breaking changes apart from using a different version of rand.

burdges commented 3 years ago

I'll switch to https://github.com/zkcrypto/curve25519-dalek-ng too. lol

tomaka commented 3 years ago

Ping! I'm still waiting for a version in order to in turn publish a version of smoldot on crates.io.

burdges commented 3 years ago

Done! Thanks! :)

gilescope commented 3 years ago

@burdges was switching to curve25519-dalek-ng the right call in hindsight? should we switch back - there seems to be more contributors to the original crate...

burdges commented 3 years ago

I suppose https://github.com/dalek-cryptography/merlin/issues/63 says either works really..

I think neither is perfectly maintained, and we should not require either one's changes, but whatever.. I've noticed ng miss a couple good changes but nothing overly relevant here. I've now forgotten which changes though. A priori, I'd stick with HdV's versions since he is the one who knows elliptic curves.

Anyways..

We've replaced ed25519-dalek with ed25519-zebbra because ed25519-dalek continually got batch verification wrong. And ed25519-zebbra presumably switched.