Support for Ristretto family?

Question

Support for Ristretto family?

Closed this issue 3 years ago · 4 comments

These build on Curve25519, but have some additional features — the Ristretto family is also useful in implementing the OPAQUE Secure Remote Password protocol.

Would ristretto255 be considered for inclusion? https://ristretto.group/

Answer 1 · 2022-05-10T15:39:28.000Z

Hey 👋 I think this would be cool, but it may be a bit early for this. E.g., there's no RFC yet (I see that there's a draft CFRG RFC, which is good, but it may be worth waiting until that's finalized. It's also not in TLS yet, for example, and I'm not sure if there would be implementer interest, in general. So I don't think we should add it now but it could always be added later, or in a separate document, if there's interest.

Answer 2 · 2022-05-10T17:20:29.000Z

Okay, that works for me; I can use ristretto.js or a wasm implementation instead for now.

Answer 3 · 2022-05-10T18:48:41.000Z

@twiss would it be a good idea to keep this open but label it as "Future" or something — you agreed it was a good idea?

Answer 4 · 2022-05-10T19:09:05.000Z

Perhaps we could reconsider / reopen this when an RFC is released? Also, depending on the timing, I think it may make more sense to create a separate document for this by then (perhaps modeled after this one), if Curve25519 and Curve448 are already deployed, for example.