Implementing Monero

[fireice-uk]

There is a fairly large demand for a hardware wallet in Monero community. You will probably get asked those questions multiple times from different people so let me put them in writing :).

• Is the curve25519/ed25519 scalar multiply and add finished and operational?
• Is the borromean signature implemented as per whitepaper, or is it the "weird and wonderful" Monero version?
• If implementing from scratch using scalar operations (cx_ecfp_*), I counted roughly 40 additions, 60 multiplications and 40 keccak hashes. Can you give me a rough idea of how long that would take on your hardware?
• Monero transactions will need about 30KB of memory, is secure code able to offload some data to flash storage?

TIA for detailed answers.

[btchip]

Actually that's the first time I got some detailed questions about that so it's quite cool. Sorry that github notification failed again and it took a few days for me to notice

Is the curve25519/ed25519 scalar multiply and add finished and operational?

Yes

Is the borromean signature implemented as per whitepaper, or is it the "weird and wonderful" Monero version?

It's implemented as per CT - main issue there is the RAM, depending how many rings are involved

If implementing from scratch using scalar operations (cx_ecfp_*), I counted roughly 40 additions, 60 multiplications and 40 keccak hashes. Can you give me a rough idea of how long that would take on your hardware?

I'll have to check that precisely, but you can expect about ~10-30 ms per addition/multiplication and likely 20-50ms per keccak hash - so that should be pretty manageable

EDIT : Keccak is around 300 ms, so maybe not.

Monero transactions will need about 30KB of memory, is secure code able to offload some data to flash storage?

yes, you need to reserve that space in the application for the time being then use nvm_write. In a future version of the firmware you'll be able to declare an external section to do the same without reserving the space.