Rust bindings: expose safe blst_scalar constructors #13
Comments
|
It seems that verify_multiple_aggregate_signatures could accept something less "rigid" than blst_scalar. At least blst_scalar is quite wasteful, because rand_bits would be significantly smaller than blst_scalar bit width, right? It might take some extra interfaces, but it might be worthwhile to arrange. Alternatively one can argue that just a sequence of random bytes cast to limbs would do [as input to the subroutine in question]. Indeed, on little-endian platform lendian->limbs conversion is effectively a no-op anyway, and on big-endian "randomness" would be "applied" in reverse byte order, which is arguably as random. This is not to say that it would inappropriate to wrap unsafe functions! Just that it seems to be an extra angle to the problem. |
Just in case, this is naturally assuming that if rand_bits is not divisible by limb's bit-witdth, the byte sequence is not conditioned accordingly. I mean that no byte is masked with few-bit mask. |
In the Rust bindings, in order to use
Signature::verify_multiple_aggregate_signaturesyou must initialize someblst_scalarvalues.AFAIK, the only way to do this is via the
unsafe blst_scalar_from_*functions.It would be great if the bindings could wrap these in a non-
unsafefunction, if they are indeed as safe as all the other times we call theunsafe extern "C"functions.The text was updated successfully, but these errors were encountered: