p384: arithmetic + ECDSA support about elliptic-curves HOT 14 CLOSED

Nice! I can take a look at merging that into the p384 crate. It seems to largely follow the same structure.

from elliptic-curves.

Yes, the weierstrass crate should be able to express p384 arithmetic. I have some changes in mind before merging it, so let's call it work in progress. :)

from elliptic-curves.

I think we could potentially ship an initial implementation of p384 arithmetic by leveraging the field arithmetic implementations synthesized by fiat-crypto:

• https://github.com/mit-plv/fiat-crypto/blob/master/fiat-rust/src/p384_32.rs
• https://github.com/mit-plv/fiat-crypto/blob/master/fiat-rust/src/p384_64.rs

It would also provide a good testbed to work on a Scalar type based on crypto_bigint::UInt which could potentially be made generic and used by all of the crates in this repo.

from elliptic-curves.

For what it's worth, I'd also like to see the p384 implementation support the ecdh and arithmetic capabilities. I am happy to test and review anything that emerges, although I very much doubt that my skills are up to contributing to the actual work at this point.

from elliptic-curves.

OK... I can think of several organizations here in the UK that would be interested in using RustCrypto, but would be happy to contribute for support if it were available on commercial terms.

from elliptic-curves.

An arithmetic implementation derived from p384-rs was merged in #565.

Thank you @jedisct1 and @brycx! And vicarious thanks to the fiat-crypto people!

For anyone following this issue, I've opened a tracking issue for a v0.11 release with arithmetic support: #566

from elliptic-curves.

p384 arithmetic is presently unimplemented and there are no plans to implement it. All it currently provides is a set of types for representing things like P-384 keys and ECDSA signatures.

The only way to use it for ECDSA/P-384 for now is via the ring-compat crate, which wraps the ECDSA/P-384 implementation in ring:

https://docs.rs/ring-compat/0.1.0/ring_compat/signature/ecdsa/p384/index.html

Perhaps if #218 works out we can see if the generic implementation is capable of expressing it.

from elliptic-curves.

As a quick update here, we recently shipped elliptic-curve v0.11 which implements quite a bit of scalar arithmetic generically on top of crypto-bigint in the form of the ScalarCore type.

This is more or less the culmination of work started in #376, but generic over the curve's order.

Between that and the base field implementation from fiat-crypto, it shouldn't be terribly difficult to adapt the existing addition/multiplication formulas from p256.

from elliptic-curves.

Tony - a possibly stupid question: is your work on RustCrypto funded, either by your own organization, or by any other external source? I can think of several organizations that would be happy to support such efforts if it were possible. If Company X really wanted to pay for support, who would they approach?

from elliptic-curves.

@rod-chapman it's not funded, although you can feel free to support me via GitHub Sponsors

from elliptic-curves.

https://github.com/jedisct1/rust-p384 has an implementation, if you ever need this.

from elliptic-curves.

Interesting... I would like to compare performance of that with the WolfCrypt C implementation...

from elliptic-curves.

I'd be happy if we could merge that and therefore remove the broken-arithmetic-do-not-use stuff ^^

from elliptic-curves.

@jedisct1 I opened a draft PR here: #565

Alternatively if you'd like to open a PR yourself, that works too

from elliptic-curves.