Add decaf448 #59

Merged
merged 4 commits into from
Jun 26, 2023

stknob
Contributor

@stknob stknob commented Jun 24, 2023

Based on draft-irtf-cfrg-ristretto255-decaf448-07, draft-irtf-cfrg-hash-to-curve-16 and the ristretto255 implementation.

@sublimator
Contributor

nice :)

'f063769e4241e76d815800e4933a3a144327a30ec40758ad3723a788388399f7b3f5d45b6351eb8eddefda7d5bff4ee920d338a8b89d8b63',
'5a0104f1f55d152ceb68bc138182499891d90ee8f09b40038ccc1e07cb621fd462f781d045732a4f0bda73f0b2acf94355424ff0388d4b9c',
];
for (const badBytes of badEncodings) {
Contributor

there's nothing like a should.each ?

Owner

nah, no need to complicate it

Contributor

I guess if you really wanted to, you can just do "arr.forEach((e, i) => should(something - ${i} - ${e}, " but then again "throws(() => something(b), badBytes)" will report the exact culprit. So yeah

deepStrictEqual(point.toHex(), encodedHashToPoints[i]);
}
});
should('have proper equality testing', () => {
Contributor

This is just for testing DecafPoint#equals ?

Contributor Author

Jup, basic testing of the equals method (based on the RistrettoPoint one).

@paulmillr
Owner

This is great!

@paulmillr
Owner

Tests seem to be failing.

@stknob
Contributor Author

stknob commented Jun 25, 2023

> Tests seem to be failing.

Forgot to run prettier on the files, should be fixed now.

@paulmillr
Owner

Add benchmarks please and we're good to go.

@paulmillr
Owner

Also, README docs.

Based on draft-irtf-cfrg-ristretto255-decaf448-07,
draft-irtf-cfrg-hash-to-curve-16 and the ristretto255 implementation.

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>
@stknob stknob requested a review from paulmillr June 26, 2023 20:51
@paulmillr paulmillr merged commit af8c1ee into paulmillr:main Jun 26, 2023
2 checks passed
@paulmillr
Owner

Thanks!

In the future, please don't force-push: this requires me to re-review all files for the second time, instead of just watching new/diff commits.

If you wanted to ensure history cleanliness, it's good, but no need: I can always squash-merge a PR if it gets too messy.

@sublimator
Contributor

Nice! can use this for voprf

OKEAMAH added a commit to OKEAMAH/ethers.js that referenced this pull request Aug 19, 2024


<h3>Snyk has created this PR to upgrade @noble/curves from 1.2.0 to
1.4.2.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.

<hr/>


- The recommended version is **4 versions** ahead of your current version.

- The recommended version was released **a month ago**.



**Release notes**

Package name: **@noble/curves**

- **1.4.2** - [2024-07-01](https://github.com/paulmillr/noble-curves/releases/tag/1.4.2)
  - Typescript build: revert target from ES2022 to ES2020 due to compat issues
  - **Full Changelog**: [1.4.1...1.4.2](https://github.com/paulmillr/noble-curves/compare/1.4.1...1.4.2)
- **1.4.1** - [2024-07-01](https://github.com/paulmillr/noble-curves/releases/tag/1.4.1)
  - bls12-381: Add mapToCurve; fix typescript types
  - ed25519, utils: Improve tree-shaking
  - Typescript build: emit separate type declarations for ESM, to improve compatibility
  - Typescript build: change target from ES2020 to ES2022
  - New Contributors
    - [@carleeto](https://github.com/carleeto) made their first contribution in [#133](https://github.com/paulmillr/noble-curves/pull/133)
  - **Full Changelog**: [1.4.0...1.4.1](https://github.com/paulmillr/noble-curves/compare/1.4.0...1.4.1)
- **1.4.0** - [2024-03-14](https://github.com/paulmillr/noble-curves/releases/tag/1.4.0)
  - Fix verification of BLS short signatures when using hex
  - Fix types in hash-to-field and weierstrass Entropy
  - Update noble-hashes [to v1.4](https://github.com/paulmillr/noble-hashes/releases/tag/1.4.0), adding support for Big-Endian platforms
  - Small utilities refactor to reduce code duplication
  - tsconfig improvements
  - New Contributors
    - [@ardislu](https://github.com/ardislu) made their first contribution in [#110](https://github.com/paulmillr/noble-curves/pull/110)
    - [@dhrubabasu](https://github.com/dhrubabasu) made their first contribution in [#117](https://github.com/paulmillr/noble-curves/pull/117)
    - [@xrchz](https://github.com/xrchz) made their first contribution in [#129](https://github.com/paulmillr/noble-curves/pull/129)
  - **Full Changelog**: [1.3.0...1.4.0](https://github.com/paulmillr/noble-curves/compare/1.3.0...1.4.0)
- **1.3.0** - [2023-12-11](https://github.com/paulmillr/noble-curves/releases/tag/1.3.0)
  - BLS:
    - Add support for short signatures. Short sigs allow using G1 as sig and G2 as pubkeys, instead of vice versa.
    - Contributed by [@randombit](https://github.com/randombit) in [#74](https://github.com/paulmillr/noble-curves/pull/74)
    - Refactor mask-bit settings, improve encoding resiliency
  - ed25519, ed448: implement `Group` interface for `DecafPoint` and `RistrettoPoint` by [@sublimator](https://github.com/sublimator) in [#85](https://github.com/paulmillr/noble-curves/pull/85)
  - ed448: Fix x448 private keys, to be 56 bytes, not 57
  - weierstrass: fix `weierstrassPoints` missing CURVE object by [@secure12](https://github.com/secure12) in [#92](https://github.com/paulmillr/noble-curves/pull/92)
  - utils:
    - `hexToBytes`: speed-up 6x, improve error formatting by [@arobsn](https://github.com/arobsn) in [#83](https://github.com/paulmillr/noble-curves/pull/83)
    - `isBytes`: improve reliability in bad environments such as jsdom
    - `concatBytes`: improve safety by early-checking the type
    - `equalBytes`: make constant-time
  - Bump noble-hashes to [1.3.3](https://github.com/paulmillr/noble-hashes/releases/tag/1.3.3)
  - Bump typescript version used to build the package to 5.3.2
  - New Contributors
    - [@randombit](https://github.com/randombit) made their first contribution in [#74](https://github.com/paulmillr/noble-curves/pull/74)
    - [@arobsn](https://github.com/arobsn) made their first contribution in [#83](https://github.com/paulmillr/noble-curves/pull/83)
    - [@secure12](https://github.com/secure12) made their first contribution in [#92](https://github.com/paulmillr/noble-curves/pull/92)
    - [@yhc125](https://github.com/yhc125) made their first contribution in [#93](https://github.com/paulmillr/noble-curves/pull/93)
  - **Full Changelog**: [1.2.0...1.3.0](https://github.com/paulmillr/noble-curves/compare/1.2.0...1.3.0)
- **1.2.0** - [2023-08-23](https://github.com/paulmillr/noble-curves/releases/tag/1.2.0)
  - ed448: add decaf448 support
  - weierstrass: improve security of random private keys by decreasing bias from `2^-64` to `2^-curve_security_level`
  - weierstrass: allow extraEntropy to take any amount of bytes
  - poseidon: improve security, make sboxPower mandatory and prohibit values other than 3, 5, 7; prohibit odd roundsFull
  - hash-to-curve: allow string and Uint8Array DSTs
  - tree-shaking improvements: add `sideEffects: false` to package.json, add pure annotations to ed25519
  - update noble-hashes to [1.3.2](https://github.com/paulmillr/noble-hashes/releases/tag/1.3.2)
  - New Contributors
    - [@stknob](https://github.com/stknob) made their first contribution in [#59](https://github.com/paulmillr/noble-curves/pull/59)
    - [@mahnunchik](https://github.com/mahnunchik) made their first contribution in [#56](https://github.com/paulmillr/noble-curves/pull/56)
    - [@steveluscher](https://github.com/steveluscher) made their first contribution in [#62](https://github.com/paulmillr/noble-curves/pull/62)
  - **Full Changelog**: [1.1.0...1.2.0](https://github.com/paulmillr/noble-curves/compare/1.1.0...1.2.0)

from [@noble/curves GitHub release notes](https://github.com/paulmillr/noble-curves/releases)

---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - This PR was automatically created by Snyk using the credentials of a
real user.

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs._
