We can statically rule out invalid tweaks by having NonZeroScalar and have it constructible from ThirtyTwoBitHash. Unfortunately we can't do layout optimizations but even if we could we would have to drop ThirtyTwoBitHash or make it unsafe.
It is not just zero that we have to avoid tweaking by -- it is also scalars that exceed the group order. We have a type that encodes these invariants -- SecretKey -- which we could use for tweak_add and tweak_mul, but that still wouldn't get rid of the error return, because for tweak_add we also require that the tweak not be the additive inverse of the original key.
See also LLFourn/secp256kfun#144
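Added example, not rust-secp256k1 code: the tweak rules discussed above, modelled with plain integer arithmetic modulo the secp256k1 group order n (the names parse_secret_key, tweak_add, tweak_mul and InvalidTweak are this example's own). It also makes explicit the half of the argument the thread leaves implicit: with both inputs in [1, n-1], tweak_mul can never yield zero because n is prime, so only tweak_add keeps a failure case even when the tweak carries the SecretKey invariant.

```python
from typing import Tuple

# secp256k1 group order (a prime); every valid scalar lies in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


class InvalidTweak(Exception):
    """Raised where the library would return an error."""


def parse_secret_key(b: bytes) -> int:
    """Mirror the SecretKey invariant: 32 bytes, nonzero, below the group order."""
    if len(b) != 32:
        raise InvalidTweak("expected 32 bytes")
    s = int.from_bytes(b, "big")
    if s == 0 or s >= N:
        raise InvalidTweak("scalar must be in [1, n-1]")
    return s


def tweak_add(key: int, tweak: int) -> int:
    """key + tweak mod n; fails exactly when tweak is the additive inverse of key."""
    r = (key + tweak) % N
    if r == 0:
        raise InvalidTweak("tweak is the additive inverse of the key")
    return r


def tweak_mul(key: int, tweak: int) -> int:
    """key * tweak mod n; with both inputs in [1, n-1] the product is never zero."""
    return (key * tweak) % N


def can_fail_with_valid_inputs() -> Tuple[bool, bool]:
    """Both inputs satisfy the SecretKey invariant; report which operation still fails."""
    key = parse_secret_key((123456789).to_bytes(32, "big"))       # constructed sample key
    inverse = parse_secret_key((N - key).to_bytes(32, "big"))     # valid scalar, equals -key mod n
    add_failed = mul_failed = False
    try:
        tweak_add(key, inverse)
    except InvalidTweak:
        add_failed = True
    try:
        tweak_mul(key, inverse)
    except InvalidTweak:
        mul_failed = True
    return add_failed, mul_failed  # (True, False)
```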