Start verifying that code which should be constant-time really is.
diff --git
a/README
b/README
index
ccc4987
..
9cd5a65
100644
(file)
--- a/
README
+++ b/
README
@@
-1,8
+1,8
@@
Catacomb
Catacomb
-
+
Catacomb is a cryptographic library. It covers quite a lot of
Catacomb is a cryptographic library. It covers quite a lot of
- the `standard' cryptgraphic primitives, although there's plenty
+ the `standard' crypt
o
graphic primitives, although there's plenty
of scope for improvement, implementing more block ciphers and
hash functions for example. It contains a relatively extensive
multiprecision arithmetic library suitable for implementing a
of scope for improvement, implementing more block ciphers and
hash functions for example. It contains a relatively extensive
multiprecision arithmetic library suitable for implementing a
@@
-33,9
+33,9
@@
Objectives
interested in covering different sorts of cryptographic
primitives and operations than in implementing standard
protocols. I'm more likely to add support for elliptic
interested in covering different sorts of cryptographic
primitives and operations than in implementing standard
protocols. I'm more likely to add support for elliptic
- curve-based public-key cryptography and
secret-sharing
- systems than supporting something like SSL or the PKCS suite
- of standards.
+ curve-based public-key cryptography and
threshold
+ cryptography systems than supporting something like SSL or
+
the PKCS suite
of standards.
* Portability. Almost all of Catacomb assumes nothing more
than plain old ANSI C, and should therefore work on any
* Portability. Almost all of Catacomb assumes nothing more
than plain old ANSI C, and should therefore work on any
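Review bot: the Objectives text now says `threshold cryptography systems` where it previously said `secret-sharing systems`, which broadens the stated goal rather than just renaming it; make sure the rest of the README uses the same term, so a reader does not find secret sharing promised in one place and threshold cryptography in another.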
@@
-97,7
+97,7
@@
Licensing, and trust
hostile implementation can, undetectably, leak bits of your
private key in each signed message. This works by carefully
choosing a supposedly random parameter to the signature
hostile implementation can, undetectably, leak bits of your
private key in each signed message. This works by carefully
choosing a supposedly random parameter to the signature
- function.
+ function.
Once your adversary has acquired a few signed messages, which
shouldn't be too hard, he can recover either your entire key, or
Once your adversary has acquired a few signed messages, which
shouldn't be too hard, he can recover either your entire key, or
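Review bot: the `-` and `+` lines in this hunk both read `function.`, so the only change is trailing whitespace. Since the commit message says it starts verifying that constant-time code really is constant-time, this "Licensing, and trust" section, which already warns that a hostile implementation can leak private-key bits through a chosen signature parameter, is the natural place for a sentence describing those checks; as it stands the README does not document them anywhere, so either add that sentence here or split the whitespace fix into its own commit.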
@@
-186,10
+186,6
@@
Future directions
management for public-key systems. This needs a lot of
thought, however.
management for public-key systems. This needs a lot of
thought, however.
- * Secret-sharing systems. Take a secret, and give n people a
- `share' in it, so that any k <= n of them can recover the
- secret, but fewer than k have no hope.
-
* Arithmetic in finite fields other than the prime-order
fields constructed by integer multiplication with a prime
modulus. Interesting variants of Diffie-Hellman and other
* Arithmetic in finite fields other than the prime-order
fields constructed by integer multiplication with a prime
modulus. Interesting variants of Diffie-Hellman and other
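Review bot: the `Secret-sharing systems` bullet is dropped from Future directions with nothing put in its place, so a reader cannot tell whether secret sharing has been implemented or abandoned. If it is implemented, the feature description at the top of the README should say so; if it has been folded into the threshold cryptography objective changed earlier in this patch, a one-line pointer to that objective would remove the ambiguity.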
@@
-202,8
+198,7
@@
Future directions
people have suggestions then I'll consider them fairly, although
they shouldn't conflict with my main objectives.
people have suggestions then I'll consider them fairly, although
they shouldn't conflict with my main objectives.
---
-[mdw]
+-- [mdw]
\f
Local variables:
\f
Local variables:
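Review bot: the signature is collapsed from `--` and `[mdw]` on two lines into the single line `-- [mdw]`; this is a style change only, and the hunk counts (`-202,8 +198,7`) are consistent with that one-line reduction plus the four lines removed in the previous hunk, so the line accounting checks out.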