Consider ECVRF #1177
Replies: 3 comments 3 replies
-
|
VRFs are useful, and yes, it would be a good addition to libsodium. Revision 11 of the draft was published and we're getting very close to it moving to an RFC. I'd still wait until this happens before merging relevant code, though, as last-minute breaking changes remain way too common in standardization processes. An implementation can still be prepared independently using the current draft. The existing low-level APIs try to stay consistent with other APIs, by not introducing new representations for scalars and elements, and by trying to mitigate the implications of misuse. Duplicating them to add variants that do the same thing, but are easier to misuse, harder to write bindings for, and require inconsistent conventions would deviate too much from the original goal of this project. Performance is not a goal for libsodium. That being said, the Ristretto255 encoding is much cheaper than the Edwards25519 one (validation only requires an inequality check), so maybe this is something you can consider for your protocols? |
Beta Was this translation helpful? Give feedback.
-
|
That's great. I'll prepare a draft PR with revision 11, so we can start iterating over that. And the actual project I had in mind (that we are using) is ECVRF over Edwards25519, so we are currently constrained to that. I'm happy to hear that a VRF is considered to be a good addition to libsodium. |
Beta Was this translation helpful? Give feedback.
-
|
I've implemented the latest version of the draft. https://github.com/iquerejeta/libsodium/tree/vrf_version_12 I tried to follow the style of ed25519, given the similarities between both primitives. It might even be worth considering to take some functions (key generation & seeded key generation) directly from ed25519, what do you think? I was thinking of waiting until standardisation is closed to open a PR (to avoid having a PR open for a while), but I'm happy to open it and have the discussion there if you prefer. |
Beta Was this translation helpful? Give feedback.
-
|
These changes look really good! |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! I'll open a PR 👍 |
Beta Was this translation helpful? Give feedback.
-
|
Please implement it, would be a very useful addition! |
Beta Was this translation helpful? Give feedback.
-
Hello! I saw that in the 1.0.x roadmap, there is the point of
Consider ECVRF. Is this still something that is being considered? I would be happy to do a first draft implementation compatible with the current version of the VRF draft.Otherwise, are you planning to expose a more efficient API for EC arithmetic? Current API prioritises security over efficiency (with which I agree), and forces users of the library to perform to/from bytes conversion, and checks (canonical, small order, main subgroup) for every arithmetic operation exposed in the API. This hampers the usage of the library for constructing this type of higher level protocols.
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions