-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove UnsafeCell (Attempt 2) #88
Conversation
@@ -48,145 +82,180 @@ impl<R: RngCore+CryptoRng> XofReader for Rng2Xof<R> { | |||
// TODO: We split additively right now, but would a multiplicative splitting | |||
// help against rowhammer attacks on the secret key? | |||
#[repr(transparent)] | |||
pub struct SecretScalar<F: PrimeField>(UnsafeCell<[F; 2]>); | |||
#[derive(Zeroize)] | |||
pub struct SecretSplit<F: PrimeField>([F; 2]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if we want to make this public so that the user can eventually keep it and manually invoke resplit
if required.
If you want to make it private then some methods can be removed as well... as are not used
@burdges do you think this is good to be merged? |
@@ -86,7 +84,7 @@ pub struct SecretKey<K: AffineRepr> { | |||
pub(crate) thin: ThinVrf<K>, | |||
|
|||
/// Secret key represented as a scalar. | |||
pub(crate) key: SecretScalar<<K as AffineRepr>::ScalarField>, | |||
pub(crate) key: SecretScalar<K::ScalarField>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this working purely because <K: AffineRepr>
exists in the struct? Is this a new rust feature?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
K
is bound only by the AffineRepr
trait. There are no ambiguities for the ScalarField
associated type
Yeah. I decided to revert because that modification was using the secret for the computation: Doing the computation with the reconstructed secret makes the splitting trick pointless |
Appears I never fixed this. I'd basically come around to a reasonable compromize, but I never made the changes?!? fuck |
Superseeds #87
UnsafeCell
removalparallel
feature