You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We'd like orion to support this by utilizing https://github.com/mit-plv/fiat-crypto. fiat-crypto is able to generate formally verified code which, in other words, means the field arithmetic from fiat-crypto has had its correctness proven by the Coq theorem prover.
Using fiat-crypto means:
Greater confidence in the implementations offered by orion
Less work required to maintain the implementations
Based on popularity and usage in for example TLS 1.3, the curve that will be supported is Curve25519. Additionally, this will also mean X25519 in terms of ECDH and Ed25519 in terms of EdDSA. Both these are also used in TLS 1.3. Using X25519 also allows us to build a higher-level key-exchange API that is compatible with libsodium's.
Initial work for X25519 and integration of fiat's Curve25519 arithmetic has been started in #197.
This will serve more as a tracking issue, since this will require a substantial amount of work.
We'd like orion to support this by utilizing https://github.com/mit-plv/fiat-crypto. fiat-crypto is able to generate formally verified code which, in other words, means the field arithmetic from fiat-crypto has had its correctness proven by the Coq theorem prover.
Using fiat-crypto means:
(the same motivation for #198)
Based on popularity and usage in for example TLS 1.3, the curve that will be supported is Curve25519. Additionally, this will also mean X25519 in terms of ECDH and Ed25519 in terms of EdDSA. Both these are also used in TLS 1.3. Using X25519 also allows us to build a higher-level key-exchange API that is compatible with libsodium's.
Initial work for X25519 and integration of fiat's Curve25519 arithmetic has been started in #197.
This will serve more as a tracking issue, since this will require a substantial amount of work.
TODO:
The text was updated successfully, but these errors were encountered: