mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-08 12:19:24 +00:00
The prior-present `Ciphersuite::hash_to_F` was a sin. Implementations took a DST, yet were not required to securely handle it. It was also biased towards the requirements of `modular-frost` as `ciphersuite` was originally written all those years ago, when `modular-frost` had needs exceeding what `ff`, `group` satisfied.

Now, the hash is bound to produce an output which can be converted to a scalar with `ff::FromUniformBytes`. A new `hash_to_F`, which accepts a single argument of the value to hash (removing the potential to insecurely handle the DST by removing the DST entirely). Due to `digest` yielding a `GenericArray`, yet `FromUniformBytes` taking a `const usize`, the `ciphersuite` crate now defines a `FromUniformBytes` trait taking an array (then implemented for all satisfiers of `ff::FromUniformBytes`). In order to get the array type from the `GenericArray`, the output of the hash, `digest` is updated to the `0.11` release candidate which moves to `flexible-array` which solves that problem.

The existing, specific `hash_to_F` functions have been moved to `modular-frost` as necessary.

`flexible-array` itself is patched to a fork due to https://github.com/RustCrypto/hybrid-array/issues/131.
embedwards25519
A curve defined over the Ed25519 scalar field.
This curve was found via tevador's script for finding curves (specifically, curve cycles), modified to search for curves whose field is the Ed25519 scalar field (not the Ed25519 field).
```
p = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed
q = 0x0fffffffffffffffffffffffffffffffe53f4debb78ff96877063f0306eef96b
D = -420435
y^2 = x^3 - 3*x + 4188043517836764736459661287169077812555441231147410753119540549773825148767
```
The embedding degree is (q-1)/2.
This curve should not be used with single-coordinate ladders, and points should always be represented in a compressed form (preventing receiving off-curve points).
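
The compressed-form rule above, as an added example (not code from the serai repository): a decoder that accepts only `x` and a parity bit and derives `y` from the curve equation, so it cannot return an off-curve point. `P` and `B` are copied from the parameters above; the `(x, y_odd)` encoding, the function names, and the omission of the identity point are assumptions of this example.

```python
# Added example: P and B are copied from the README; the (x, y-parity)
# encoding is a hypothetical stand-in, not the crate's wire format.
P = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed  # base field
A = -3
B = 4188043517836764736459661287169077812555441231147410753119540549773825148767
SQRT_M1 = pow(2, (P - 1) // 4, P)  # sqrt(-1): 2 is a non-residue since P % 8 == 5

def rhs(x):
    """Right-hand side of y^2 = x^3 - 3x + B over GF(P)."""
    return (pow(x, 3, P) + A * x + B) % P

def sqrt_mod_p(a):
    """Square root in GF(P) for P = 5 (mod 8); None if a is a non-residue."""
    a %= P
    c = pow(a, (P + 3) // 8, P)      # c^2 is either a or -a when a is a square
    if (c * c) % P != a:
        c = (c * SQRT_M1) % P        # fix the sign by multiplying with sqrt(-1)
    return c if (c * c) % P == a else None

def on_curve(x, y):
    return 0 <= x < P and 0 <= y < P and (y * y) % P == rhs(x)

def compress(x, y):
    if not on_curve(x, y):
        raise ValueError("refusing to encode an off-curve point")
    return (x, y & 1)

def decompress(x, y_odd):
    """Return (x, y) on the curve, or None. y is derived, never taken from input."""
    if not (isinstance(x, int) and 0 <= x < P) or y_odd not in (0, 1):
        return None                  # non-canonical field element or sign bit
    y = sqrt_mod_p(rhs(x))
    if y is None:
        return None                  # no curve point has this x
    if y == 0 and y_odd:
        return None                  # y = 0 has a single encoding
    return (x, y if (y & 1) == y_odd else P - y)

def first_x(want_on_curve):
    """Smallest x >= 1 whose rhs is (or is not) a square; constructed sample input."""
    x = 1
    while (sqrt_mod_p(rhs(x)) is not None) != want_on_curve:
        x += 1
    return x
```

An API that accepts a raw `(x, y)` pair has to call `on_curve` itself on every input, whereas `decompress` makes that check unavoidable.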