edwards25519: document why this can't implement X25519

Thanks to @hdevalence for pointing out the issue with points on the twist.
Filippo Valsorda 2021-01-31 15:10:24 +01:00 committed by GitHub
parent c5477978af
commit 32a46d7b75
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -259,8 +259,13 @@ func TestNonCanonicalPoints(t *testing.T) {
}
// TestBytesMontgomery tests the SetBytesWithClamping+BytesMontgomery path
// equivalence to X25519. (Note that you intentionally can't actually implement
// full X25519 with this package because there is no SetBytesMontgomery.)
// equivalence to curve25519.X25519 for basepoint scalar multiplications.
//
// Note that you can't actually implement X25519 with this package because
// there is no SetBytesMontgomery, and it would not be possible to implement
// it properly: points on the twist would get rejected, and the Scalar returned
// by SetBytesWithClamping does not preserve its cofactor-clearing properties.
//
// Disabled to avoid the golang.org/x/crypto module dependency.
/* func TestBytesMontgomery(t *testing.T) {
f := func(scalar [32]byte) bool {
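Review bot: the new doc comment gives the two concrete reasons X25519 cannot be built on this package (points on the twist are rejected, and the Scalar from SetBytesWithClamping does not preserve its cofactor-clearing properties), but the test that would actually check the basepoint equivalence to curve25519.X25519 is left commented out (`/* func TestBytesMontgomery(t *testing.T) {`) with the note "Disabled to avoid the golang.org/x/crypto module dependency". A commented-out test is not compiled and will silently drift from the API it describes; consider gating it behind a build tag or placing it in a separate test module that carries the golang.org/x/crypto dependency, so the equivalence the comment promises stays exercised.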