
Comments (6)

omershlo avatar omershlo commented on July 18, 2024

You claim that the group order must be explicitly stated?
Btw, this is not a secret key , just a random field element...

from curv.

kigawas avatar kigawas commented on July 18, 2024

No, actually you can just use SK::new(&mut thread_rng());

I mean for this code:

impl Secp256k1Point {
    pub fn random_point() -> Self {
        let random_scalar: Secp256k1Scalar = Secp256k1Scalar::new_random();  // <- if it's not a valid secret key, the whole thing crashes
        let base_point = Self::generator();
        let pk = base_point.scalar_mul(&random_scalar.get_element());
        Self {
            purpose: "random_point",
            ge: pk.get_element(),
        }
    }
}

from curv.

omershlo avatar omershlo commented on July 18, 2024

Using SK::new(&mut thread_rng()); is the same as what I am doing.
The secp256k1 library takes care of how to securely sample the number in the field. When the consumed library provides this service (and in this case it's even constant time) then I prefer to use it rather than write my own random sampler, i.e. to avoid stuff like the first vulnerability in the audit:
https://github.com/KZen-networks/curv/blob/master/audit/kzen-curv-audit%20final%2003.01.2019.pdf

from curv.

kigawas avatar kigawas commented on July 18, 2024

Hmm... It's a little different since it's possibly continuously generating valid random bytes in the library:

impl SecretKey {
    /// Creates a new random secret key. Requires compilation with the "rand" feature.
    #[inline]
    #[cfg(any(test, feature = "rand"))]
    pub fn new<R: Rng + ?Sized>(rng: &mut R) -> SecretKey {
        let mut data = random_32_bytes(rng);
        unsafe {
            while ffi::secp256k1_ec_seckey_verify(
                ffi::secp256k1_context_no_precomp,
                data.as_ptr(),
            ) == 0
            {
                data = random_32_bytes(rng);
            }
        }
        SecretKey(data)
    }
    // ...
}

from curv.

kigawas avatar kigawas commented on July 18, 2024

Suggest changing it to

    fn new_random() -> Self {
        Self {
            purpose: "random",
            fe: SK::new(&mut thread_rng()),
        }
    }

which looks nicer :)

from curv.

omershlo avatar omershlo commented on July 18, 2024

This is called rejection sampling and this is the right and secure way to generate this random number.

from curv.
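The loop kigawas quoted from SecretKey::new, and the rejection sampling omershlo refers to, written out as a stand-alone added example (not code from curv or rust-secp256k1). It assumes a caller-supplied byte source in place of random_32_bytes(rng) so it runs without the rand crate, and implements the check secp256k1_ec_seckey_verify performs: the 32 bytes must be nonzero and below the group order n.

```rust
// Added example, not the curv or rust-secp256k1 implementation.

/// secp256k1 group order n, big-endian (a public curve constant).
pub const CURVE_ORDER: [u8; 32] = [
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
    0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
    0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41,
];

/// The property secp256k1_ec_seckey_verify enforces: 0 < sk < n.
/// Big-endian byte arrays compare lexicographically, which is numeric order here.
pub fn is_valid_secret_key(sk: &[u8; 32]) -> bool {
    let nonzero = sk.iter().any(|&b| b != 0);
    nonzero && *sk < CURVE_ORDER
}

/// Rejection sampling: keep drawing 32 bytes until they form a valid scalar.
/// `draw` stands in for random_32_bytes(rng). Returns (scalar, draws used).
/// A uniform 256-bit draw is rejected with probability about 2^-128, so the
/// loop almost never iterates in practice, but the check is what makes the
/// result a valid, uniformly distributed scalar.
pub fn sample_scalar<F: FnMut() -> [u8; 32]>(mut draw: F) -> ([u8; 32], usize) {
    let mut tries = 1;
    let mut data = draw();
    while !is_valid_secret_key(&data) {
        data = draw();
        tries += 1;
    }
    (data, tries)
}

/// Constructed, deterministic byte source (assumption for the demo, not a
/// real RNG): all-zero (rejected), n itself (rejected), n - 1 (accepted).
/// A real caller would use an OS-backed CSPRNG such as thread_rng().
pub fn scripted_draws() -> impl FnMut() -> [u8; 32] {
    let mut n_minus_1 = CURVE_ORDER;
    n_minus_1[31] -= 1; // 0x41 -> 0x40, no borrow needed
    let mut seq = vec![[0u8; 32], CURVE_ORDER, n_minus_1].into_iter();
    move || seq.next().expect("scripted byte source exhausted")
}

fn main() {
    let (sk, tries) = sample_scalar(scripted_draws());
    println!("accepted after {} draws: {:02x?}", tries, sk);
}
```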
