-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove bit clamping to allow HKD #4
Comments
Hello, I see the following suggestion for removing bit clamping looks good : Also, on the HKD part, considering only two party case, I see the following BIP32 ed25519 : https://github.com/LedgerHQ/orakolo/blob/master/papers/Ed25519_BIP%20Final.pdf I think if we follow the co factor handling as above and remove bit clamping on the initial keys, then for the non hardened child key derivation, whatever the scalar we get after the HMAC (as calculated in 2p ECDSA case), if that is also sanitised according to above suggestion and then added to initial secret (mod 8l necessary or mod l is enough after addition?), It should give a valid Child keys. |
Thanks @durgeshp-crypto. |
@omershlo , actually I encounter rust-gmp related linking issue while running this repo directly in my machine. I guess that's some tool chain related issue.
and this looks to be working for my test cases. Updated: Inverse cofactor multiplication then by multiplying it 8 again results into same value. So need to do bigInt division instead of inverse multiplication to ecscalar. So modifying above code like this and added few print statements for comparison:
This is two example of above prints: Ex1: scalar after cofactor handling via divide and multiply is : scalar after cofactor via bit clamping is : Ex2: scalar after cofactor handling via divide and multiply is : scalar after cofactor via bit clamping is : |
I got my env fixed and can run this repo now, I'll give it a try and create a PR for it. @omershlo |
thank you !! |
Hey, wanted to create a PR in "curv" (https://github.com/ZenGo-X/curv) for small torsion-safe ed25519 scalar test. How can I get permission to push or create a draft PR for it? It shows I do not have write access when pushing the changes. |
You should be able to make a PR as usual . What error do you get ? |
Okay. via SSH clonning: Please make sure you have the correct access rights HTTPS: Tried the one-time token too to avoid the use of a password but still shows the same issue. Trying to figure out if it's an issue from my github account or from curv side. |
It got resolved, was using a wrong method for creating PR :( |
https://moderncrypto.org/mail-archive/curves/2017/000858.html
The text was updated successfully, but these errors were encountered: