Additional SecretKeyFactory constructors (#64)
Not sure what you mean here by aliasing, but FWIW, the intermediate key material, resulting from the KDF, should be 64 bytes (

It is.

But this, unfortunately, is not the case. Current implementation of

If that's the case, then we'd need to use some modular arithmetic properties to work with 32 byte inputs. Then
@fjarri BTW, is the 32-byte restriction on

```rust
//! Scalar field arithmetic.

use cfg_if::cfg_if;

cfg_if! {
    if #[cfg(any(target_pointer_width = "32", feature = "force-32-bit"))] {
        mod scalar_8x32;
        use scalar_8x32::Scalar8x32 as ScalarImpl;
        #[cfg(feature = "rand")]
        use scalar_8x32::WideScalar16x32 as WideScalarImpl;
    } else if #[cfg(target_pointer_width = "64")] {
        mod scalar_4x64;
        use scalar_4x64::Scalar4x64 as ScalarImpl;
        #[cfg(feature = "rand")]
        use scalar_4x64::WideScalar8x64 as WideScalarImpl;
    }
}
```

In any case, I don't see why the input to
I'm going to merge that for the added functionality. The hashing to scalar is to be handled when fixing #35
- `SecretKeyFactory::secret_key_factory_by_label()` (fixes "Add a method to produce a `SecretKeyFactory` from another factory deterministically", #59)
- `SecretKeyFactory::from_secure_randomness()` and `seed_size()` (fixes "Add a method to deserialize `SecretKeyFactory` from an externally created bytestring", #57)
- `SecretKeyFactory` from 64 to 32 bytes (as discussed with @cygnusv). Note that the derived key size is still 64 bytes in `secret_key_by_label()` to reduce aliasing when converting the derived bytes into a scalar (with modulo reduction). Since they pass through a hash function, I'm not sure if that's important.

Also, in Discord @cygnusv suggested using `Scalar::from_bytes_reduced()` instead of `from_digest()` to avoid the hashing step in `secret_key_by_label()`. I have the following concerns about it:

- `FieldBytes` argument, which indicates that it's a semi-internal function - there is no "official" way to create `FieldBytes`. Technically, it is an alias for `GenericArray`, so it can be created, but seems a little fragile.
- `from_bytes_reduced()` just takes a modulus, so if we're passing 32 bytes to it (the current size of `FieldBytes`), it can introduce aliasing.
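To put a number on the aliasing discussed in this thread, here is an added Python example (not code from the PR, umbral or k256) that models the reduction as plain `x mod n` for a uniformly random input of a given bit length, 32-byte versus 64-byte, and computes exactly how many inputs collide on each scalar and how far the result is from uniform. It assumes the secp256k1 group order as `n`, since the scalar code quoted above is k256's.

```python
from fractions import Fraction

# secp256k1 group order n. Assumed here because the scalar module quoted in the
# thread is k256's; every function below accepts any other modulus via `n`.
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def reduction_profile(input_bits: int, n: int = SECP256K1_ORDER) -> tuple[int, int]:
    """For x uniform over [0, 2**input_bits), describe y = x mod n.

    Returns (q, r) with 2**input_bits == q*n + r: every scalar y has q
    preimages, and the r scalars y < r have one extra (q + 1).
    """
    return divmod(1 << input_bits, n)


def preimage_count(y: int, input_bits: int, n: int = SECP256K1_ORDER) -> int:
    """Number of input_bits-bit inputs that reduce to scalar y (the aliasing)."""
    if not 0 <= y < n:
        raise ValueError("y must be a reduced scalar")
    q, r = reduction_profile(input_bits, n)
    return q + 1 if y < r else q


def max_relative_bias(input_bits: int, n: int = SECP256K1_ORDER) -> Fraction:
    """(most likely scalar probability / least likely) - 1, i.e. 1/q unless r == 0."""
    q, r = reduction_profile(input_bits, n)
    return Fraction(0) if r == 0 else Fraction(1, q)


def statistical_distance(input_bits: int, n: int = SECP256K1_ORDER) -> Fraction:
    """Exact statistical distance between x mod n and a uniform scalar.

    With N = 2**input_bits, the r scalars below r have probability (q+1)/N and
    the rest q/N, so 1/2 * sum |P(y) - 1/n| simplifies to r*(n-r) / (N*n).
    """
    q, r = reduction_profile(input_bits, n)
    big_n = 1 << input_bits
    return Fraction(r * (n - r), big_n * n)


if __name__ == "__main__":
    for bits in (256, 512):  # 32-byte FieldBytes input vs 64-byte wide input
        sd = statistical_distance(bits)
        log2_sd = sd.numerator.bit_length() - sd.denominator.bit_length()
        print(f"{bits}-bit input: max relative bias {float(max_relative_bias(bits)):.3g}, "
              f"statistical distance about 2^{log2_sd}")
```

For a 256-bit input the scalars below `2**256 - n` have two preimages and are twice as likely as the rest, but because secp256k1's `n` sits so close to `2**256` that set is only about `2**129` scalars, so the overall distance from uniform is around `2**-128`; with a 512-bit input it drops to around `2**-258`.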