Comments (4)
Sorry I wasn't able to get back to looking at this until now.
The intention of both the Point and Secret interfaces is that you are supposed to set objects of those classes explicitly to something before you try to use them (e.g., in Equal or any other method that reads them). For example, if you want to compare a point P against the neutral element, then you might do P.Equal(suite.Point().Null()), not just P.Equal(suite.Point()). If you want to compare P against the standard base point, you might do P.Equal(suite.Point().Base()). I just committed a change to the documentation for abstract.Group to clarify this requirement; sorry that was left unclear.
It's of course perfectly debatable whether the Point/Secret interfaces should require explicit initialization before use: for example, Go's big.Int does not require initialization before use, such that any uninitialized big.Int defaults to zero. That's convenient, and probably makes sense for general-purpose big.Int calculations. However, since Secret and Point objects are specifically intended for security-critical usage scenarios, in which buggy code that forgets to initialize a Secret or Point to the non-zero value it's supposed to have might very easily "fail open" and look like it's behaving correctly while in fact being completely insecure, it seemed to me that avoiding that security risk of actually having a Secret or Point default to a "null" value seems worth the slight convenience cost of requiring every Secret or Point to be explicitly initialized before use.
Make sense?
B
from kyber.
Thanks, I thought group.Point() and group.Secret() returned initialized objects. I should be able to finish up the testing code now.
As a side note, for the different cryptographic schemes that we have, are there any that will generate a fresh, initialized secret (private key) and a point (public key) from that secret?
On Jan 28, 2015, at 3:31 PM, William Bailey [email protected] wrote:
> Thanks, I thought group.Point() and group.Secret() returned initialized objects. I should be able to finish up the testing code now.
> As a side note, for the different cryptographic schemes that we have, are there any that will generate a fresh, initialized secret (private key) and a point (public key) from that secret?
Use Secret.Pick() to generate the fresh private key and Point.Mul() to produce its public key. Just grep through the crypto library source code and existing test cases and you’ll find a lot of examples where that is done.
B
Thanks!
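The two points made in the thread above (explicit initialization before use, and deriving a public key from a freshly picked secret) are illustrated by this added example, which is not kyber's code and not part of the original comments. It uses only the Go standard library; `Element`, `Pick`, `Mul`, `Null`, `ForgottenKey` and the tiny group parameters are hypothetical stand-ins constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Toy group, constructed and far too small for real use: g = 4 has prime order q = 11 mod p = 23.
var p, q, g = big.NewInt(23), big.NewInt(11), big.NewInt(4)

// Element is a hypothetical stand-in for the thread's Point; its zero value is unusable on purpose.
type Element struct{ v *big.Int } // v stays nil until a setter runs

func (e *Element) set(v *big.Int) *Element {
	e.v = v
	return e
}

// Null sets e to the neutral element; Mul sets e = g^s, the public key for secret s.
func (e *Element) Null() *Element          { return e.set(big.NewInt(1)) }
func (e *Element) Mul(s *big.Int) *Element { return e.set(new(big.Int).Exp(g, s, p)) }

// Equal rejects uninitialized operands instead of reading them as the neutral element.
func (e *Element) Equal(o *Element) (bool, error) {
	if e.v == nil || o.v == nil {
		return false, errors.New("uninitialized Element")
	}
	return e.v.Cmp(o.v) == 0, nil
}

// Pick returns a fresh secret drawn uniformly from [1, q-1].
func Pick() (*big.Int, error) {
	s, err := rand.Int(rand.Reader, new(big.Int).Sub(q, big.NewInt(1)))
	if err != nil {
		return nil, err
	}
	return s.Add(s, big.NewInt(1)), nil
}

// ForgottenKey is the fail-open contrast: a zero-value big.Int secret silently yields g^0 = 1.
func ForgottenKey() *big.Int { return new(big.Int).Exp(g, new(big.Int), p) }

func main() {
	s, err := Pick()
	if err != nil {
		panic(err)
	}
	fmt.Println(new(Element).Mul(s).Equal(new(Element))) // operand never set: error, not "equal"
}
```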