
Hi Marcel,

On Tue, 19 Feb 2019, 15:43 Marcel Fourné wrote:

> Hello,
>
> hackage-security is using the ed25519 package, which in itself is a
> wrapper library around a C/Assembly implementation.
>
> I have just released a pure Haskell implementation of that (modulo a
> slightly different API, the same signature bytes), without using C bits
> other than the well-known integer-gmp. Tests and benchmarks are
> included, if you want to see those for yourselves, but the proofs for
> timing attack security still need to be written up for
> scientific publishing.
>
> Would you as developers of hackage-security / Cabal / stack be
> interested in adopting such a replacement? And, if yes, what conditions
> would such a library have to fulfill?

If it doesn't result in too much of a slowdown, I think it would make
sense to do this change. I'd recommend making the choice between
ed25519/eccrypto configurable via a flag so that we could compare the
two.

I'm cc:ing Edsko, who is the main author of hackage-security.