Skip to content

Implement scalar arithmetic via Barrett reduction #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nickray wants to merge 1 commit into from
Closed

Implement scalar arithmetic via Barrett reduction #56

nickray wants to merge 1 commit into from

Conversation

@nickray
Copy link
Member

@nickray nickray commented Jun 22, 2020

To make #54 more concrete.

tarcieri
tarcieri reviewed Jun 22, 2020
View reviewed changes
p256/src/arithmetic/scalar.rs
/// Parses the given byte array as hashed message.
///
/// Subtracts the modulus when the byte array is larger than the modulus.
pub fn from_hash(bytes: [u8; 32]) -> Self {
Copy link
Member

@tarcieri tarcieri Jun 22, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would expect a from_hash method to accept a Digest instance. How about naming it from_bytes_mod_order instead?

Suggested change
pub fn from_hash(bytes: [u8; 32]) -> Self {
pub fn from_bytes_mod_order(bytes: [u8; 32]) -> Self {

You could then add a from_hash method that does accept a Digest instance (gated on a digest feature)

Copy link
Member Author

@nickray nickray Jun 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what the right name is. Thinking generically, this is tied to "Let z be the leftmost bits of , where is the bit length of the group order n.", which for p256 is just reduction but for other curves can involve right-shifts. So I'd like a method and name that captures this requirement. Ideas/prior art?

Copy link
Member

@tarcieri tarcieri Jun 24, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think from_hash is fine if the argument is a Digest instance. There's a bit of a rationale for why e.g. signature::DigestSigner takes one (as opposed to a byte array) here:

https://docs.rs/signature/1.1.0/signature/trait.DigestSigner.html#notes

Copy link
Member

@tarcieri tarcieri Jul 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nickray since this method is specific to p256 (and after #73 we no longer need to worry about coming up with cross-curve arithmetic abstractions for ECDSA) how about just calling this from_bytes_reduced?

Copy link
Member Author

@nickray nickray Jul 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I'll follow along if/when #76 is merged 👍

Copy link
Member

@tarcieri tarcieri Jul 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm actually liking #78 better at this point

@nickray nickray mentioned this pull request Jun 22, 2020
Closed
@tarcieri tarcieri mentioned this pull request Jul 22, 2020
Merged
@tarcieri
Copy link
Member

tarcieri commented Jul 22, 2020

Merged as 061a1a2 in #83

@tarcieri tarcieri closed this Jul 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tarcieri tarcieri tarcieri left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nickray @tarcieri