-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rust bindings: expose safe blst_scalar constructors #13
Comments
It seems that verify_multiple_aggregate_signatures could accept something less "rigid" than blst_scalar. At least blst_scalar is quite wasteful, because rand_bits would be significantly smaller than blst_scalar bit width, right? It might take some extra interfaces, but it might be worthwhile to arrange. Alternatively one can argue that just a sequence of random bytes cast to limbs would do [as input to the subroutine in question]. Indeed, on little-endian platform lendian->limbs conversion is effectively a no-op anyway, and on big-endian "randomness" would be "applied" in reverse byte order, which is arguably as random. This is not to say that it would inappropriate to wrap unsafe functions! Just that it seems to be an extra angle to the problem. |
Just in case, this is naturally assuming that if rand_bits is not divisible by limb's bit-witdth, the byte sequence is not conditioned accordingly. I mean that no byte is masked with few-bit mask. |
In the Rust bindings, in order to use
Signature::verify_multiple_aggregate_signatures
you must initialize someblst_scalar
values.AFAIK, the only way to do this is via the
unsafe blst_scalar_from_*
functions.It would be great if the bindings could wrap these in a non-
unsafe
function, if they are indeed as safe as all the other times we call theunsafe extern "C"
functions.The text was updated successfully, but these errors were encountered: