Skip to content

Implement scalar arithmetic via Barrett reduction#56

Closed
nickray wants to merge 1 commit into
RustCrypto:masterfrom
nickray:scalars
Closed

Implement scalar arithmetic via Barrett reduction#56
nickray wants to merge 1 commit into
RustCrypto:masterfrom
nickray:scalars

Conversation

@nickray

@nickray nickray commented Jun 22, 2020

Copy link
Copy Markdown
Member

To make #54 more concrete.

tarcieri
tarcieri reviewed Jun 22, 2020
View reviewed changes
Comment thread p256/src/arithmetic/scalar.rs
/// Parses the given byte array as hashed message.
///
/// Subtracts the modulus when the byte array is larger than the modulus.
pub fn from_hash(bytes: [u8; 32]) -> Self {

@tarcieri tarcieri Jun 22, 2020
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would expect a from_hash method to accept a Digest instance. How about naming it from_bytes_mod_order instead?

Suggested change
pub fn from_hash(bytes: [u8; 32]) -> Self {
pub fn from_bytes_mod_order(bytes: [u8; 32]) -> Self {

You could then add a from_hash method that does accept a Digest instance (gated on a digest feature)

@nickray nickray Jun 23, 2020
edited
Loading

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what the right name is. Thinking generically, this is tied to "Let z be the leftmost bits of , where is the bit length of the group order n.", which for p256 is just reduction but for other curves can involve right-shifts. So I'd like a method and name that captures this requirement. Ideas/prior art?

@tarcieri tarcieri Jun 24, 2020

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think from_hash is fine if the argument is a Digest instance. There's a bit of a rationale for why e.g. signature::DigestSigner takes one (as opposed to a byte array) here:

https://docs.rs/signature/1.1.0/signature/trait.DigestSigner.html#notes

@tarcieri tarcieri Jul 16, 2020
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nickray since this method is specific to p256 (and after #73 we no longer need to worry about coming up with cross-curve arithmetic abstractions for ECDSA) how about just calling this from_bytes_reduced?

@nickray nickray Jul 16, 2020

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I'll follow along if/when #76 is merged 👍

@tarcieri tarcieri Jul 16, 2020

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm actually liking #78 better at this point

@nickray nickray mentioned this pull request Jun 22, 2020
Closed
@tarcieri tarcieri mentioned this pull request Jul 22, 2020
Merged
@tarcieri

tarcieri commented Jul 22, 2020

Copy link
Copy Markdown
Member

Merged as 061a1a2 in #83

@tarcieri tarcieri closed this Jul 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tarcieri tarcieri tarcieri left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nickray @tarcieri