use compressed representation for reply key#496
Conversation
Pull Request Test Coverage Report for Build 12867632160Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
|
@DanGould thoughts on modifying the HPKE crate to support ellswift & compressed serializations more directly? arguably that's out of scope, but it wouldn't add any dependencies. alternatively, what about exposing a pub method that returns the internal secp256k1::PublicKey (but not making the type member itself pub). this is also a bit meh because it would expose implementation details of the hpke crate. i think i'd still be in favor because pretending the bitcoin hpke stuff is agnostic to secp256k1 seems kind of pedantic, and this conversion is a bit roundabout (harming readability), adds boilerplate, and is also a bit wasteful (although i think the wastefulness can be mostly addressed by using the unchecked variants when going through the uncompressed form, saving a modular inversion on the field which is the expensive part of checking that a point is on the curve). |
I'm cool with it. Seems like other applications might have a use for it, and the abstraction seems more appropriate and ergonomic there.
Opposed because like you say then it varies a bit more from the generic HPKE implementation, but in favor because that bitcoin_hpke crate is specifically about the use case here AND for potential nostr OpenMLS implementations, which I reckon would benefit from the secp256k1 specifics. I'd need to more deeply consider how big the change is, and especially the maintenance cost of diverging from rust-hpke in that way. |
payjoin/src/hpke.rs
Outdated
|
|
||
| fn pubkey_from_compressed_bytes(pk_bytes: &[u8]) -> Result<HpkePublicKey, HpkeError> { | ||
| let uncompressed_pk_bytes = | ||
| bitcoin::secp256k1::PublicKey::from_slice(pk_bytes)?.serialize_uncompressed(); |
There was a problem hiding this comment.
May you import bitcoin::secp256k1 to abbreviate calls here and elsewhere in the file?
There was a problem hiding this comment.
initially I did but it makes it kinda confusing as there's already these types in hpke.rs:
pub type PublicKey = <SecpK256HkdfSha256 as hpke::Kem>::PublicKey;
pub struct HpkePublicKey(pub PublicKey);
pub type EncappedKey = <SecpK256HkdfSha256 as hpke::Kem>::EncappedKey;all of which are representations of public keys that are actually meaningful, whereas this one is just for the serialization
maybe importing only in the functions to emphasize that makes sense? although it doesn't actually reduce the boilerplate
There was a problem hiding this comment.
oh wait do you mean only use bitcoin::secp256k1 and write it as secp256k1::PublicKey to omit the bitcoin:: prefix?
There was a problem hiding this comment.
Yes the latter use bitcoin:secp256k1 to omit the bitcoin:: prefix
Hmm, arguably the |
I have no problem exposing this as an opaque error variant without an encapsulated |
3 participants
Closes #492