The Ristretto specification defines a way to do hash-to-curve. The hash-to-curve draft and other drafts (such as the one on OPRFs) recommend doing it using hashtobase+elligator2 as with Ed25519 instead. A forthcoming paper is going to propose a 3rd way. This is annoying.
-
-
Replying to @jedisct1
The Ristretto spec explicitly bars any other way of deriving points, for good reason. I believe using the method suggested by other specs makes it impossible to implement the ristretto255 group with more efficient curves.
1 reply 0 retweets 3 likes -
Replying to @FiloSottile
Thanks for making it clear, Filippo! If the intent is to support other curves, that totally makes sense. Thanks!
1 reply 0 retweets 2 likes -
Replying to @jedisct1
By the way, the authors had some suggestions for the libsodium API, how would you like me to send them over?
1 reply 0 retweets 0 likes
Replying to @FiloSottile
DM, GitHub, email, whatever :)
11:24 AM - 2 May 2019
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.