feat: Add is_small_order_point, is_prime_subgroup_point #188

Open · wants to merge 1 commit into base: develop
Commits on Jan 5, 2022

  1. feat: Add is_small_order_point, is_prime_subgroup_point

    In a nutshell, this offers an opt-in way of performing some public key checks relating to small order components, without having to pay an additional point decompression.
    
    In detail:
    Since dalek-cryptography@8dbaf9a, the `PublicKey` type is the performant way to carry public key material, with an eager check that the point is on curve.
    
    However, some applications which may like eager point decompression also need to check whether the point is small order, or even torsion-free:
    - aligning a discrepancy in verification between batch verification and iterated verification (see dalek-cryptography#115),
    - avoiding small subgroup confinement attacks in a DH,
    - ...
    
    `verify_strict` was introduced to offer an opt-in approach to some of this sort of scrutiny at the time the key is used, but cannot be performed eagerly, e.g. at the time of deserializing a public key.
    
    Rejecting small order keys (or worse, non-torsion-free keys) on deserialization would have a performance impact. However, it's still desirable to have the option to do so long before the key is ever used for any actual cryptographic purpose (e.g. signature verification).
    
    In order to perform this sort of check, some code bases have taken to [re-implementing the check from the bytes representation of the key, which involves an additional decompression](https://github.com/diem/diem/blob/a290b0859a6152a5ffd6f85773a875f17334adac/crates/diem-crypto/src/ed25519.rs#L358-L386).
    The added functions of this PR allow the checks to be performed without additional decompression.
    huitseeker committed Jan 5, 2022 (commit 8c00d63)
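As an added illustration (not code from this PR or from ed25519-dalek), the following pure-Python model shows the two checks the commit describes, run on a point that was decompressed exactly once. Only the two check names come from the PR; `decompress`, `add`, `mul`, `classify` and the constructed sample keys are assumptions of this example.

```python
# Added example (not ed25519-dalek code): pure-Python model of the PR's two checks.
p = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # prime subgroup order
d = -121665 * pow(121666, -1, p) % p                  # curve constant

def decompress(key: bytes):
    """Decode a 32-byte Ed25519 public key to affine (x, y); None if invalid."""
    y = int.from_bytes(key, "little") & ((1 << 255) - 1)
    if len(key) != 32 or y >= p:
        return None
    sign = key[31] >> 7
    u, v = (y * y - 1) % p, (d * y * y + 1) % p
    x = pow(u * pow(v, -1, p), (p + 3) // 8, p)       # candidate sqrt(u/v)
    if (v * x * x - u) % p:
        x = x * pow(2, (p - 1) // 4, p) % p            # retry with sqrt(-1)
    if (v * x * x - u) % p or (x == 0 and sign):
        return None                                    # not on the curve
    return (p - x if x & 1 != sign else x, y)

def add(P, Q):  # affine twisted Edwards addition on -x^2 + y^2 = 1 + d x^2 y^2
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, p) % p
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, p) % p
    return (x3, y3)

def mul(k: int, P):  # double-and-add; not constant time, but keys are public
    R = (0, 1)
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def is_small_order_point(P) -> bool:  # cofactor * P == identity
    return mul(8, P) == (0, 1)

def is_prime_subgroup_point(P) -> bool:  # torsion-free: L * P == identity
    return mul(L, P) == (0, 1)

def classify(key: bytes) -> str:  # decompress once, then run both checks
    P = decompress(key)
    if P is None:
        return "invalid"
    if is_small_order_point(P):
        return "small-order"
    return "prime-subgroup" if is_prime_subgroup_point(P) else "mixed-order"
# Constructed inputs: the order-2 point (0, -1) and the standard basepoint B.
ORDER2_KEY = (p - 1).to_bytes(32, "little")
BASEPOINT_KEY = bytes([0x58]) + bytes([0x66]) * 31
```

Adding the order-2 point to B gives a key that passes the on-curve and small-order checks but fails the prime-subgroup check, which is the "non-torsion-free" case the commit message distinguishes from small-order keys.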