Constantine: modular, high-performance, zero-dependency cryptography stack (nim-lang.org)
77 points by michaelsbradley 9 months ago | hide | past | favorite | 12 comments



Author here, adding an accompanying post focused on performance: https://ethresear.ch/t/releasing-constantine-v0-1-0-a-modula...


TW: blockchain

> Releasing Constantine v0.1.0 - A modular cryptography stack for blockchain and proof systems

I guess OP had to “edit” the title for conciseness…


Ferengi Rule of Acquisition #239: Never be afraid to mislabel a product.

Cryptography and cryptocurrency aren't the same, and I know of no other use for blockchain. Maybe they were hoping to win over non-believers by deceiving them about the content of the article.


Let me guess, you don't actually write code, just talk down people who actually do. This is a crypto lib and the author's repo obv has a ton of hard work: https://github.com/mratsim/constantine


> Cryptography and cryptocurrency aren't the same,

They aren't, but this is a cryptography library.


At a glance it seems fair to say that this is both a cryptocurrency library and a cryptography library.

The only truly general purpose thing here is SHA256. Every protocol on its supported list starts with either "ethereum" or "evm", and to the best of my knowledge the other primitives have seen very little use besides cryptocurrency.


The Internet Engineering Task Force, which in particular standardizes TLS, has acknowledged my contributions to the very generic and globally useful hashing-to-curve primitive: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-t...

And BLS signatures are standards as well: https://www.ietf.org/archive/id/draft-irtf-cfrg-bls-signatur...


BLS signatures are general purpose, the only Ethereum specific thing is choosing which elliptic curves are used for public keys and which for signatures as well as a prefix before hashing inputs.

Similarly KZG polynomial commitments are generic, the Ethereum specific thing is the trusted setup ceremony which needs to be specialized per protocol.

The finite field backends and the elliptic curves supported are all generic as well: https://github.com/mratsim/constantine/blob/master/constanti...


The vehemently anti-blockchain community is starting to sound more religious about their belief than the cryptobros ever did...


I think this is cool, but how sure are the authors that this is side-channel safe? There is a similar (modular, high performance, zero-dependency) library in Common Lisp, but it can't give side-channel guarantees due to how some Common Lisp compilers implement integer and arithmetic functions.

https://github.com/sharplispers/ironclad


Great question. First of all, I did extensive research: https://github.com/mratsim/constantine/wiki/Constant-time-ar....

Then the library defines its own types SecretBool and SecretWord throughout the library that cannot be mixed with regular Nim types and are based on uint32/uint64, so the compiler cannot assume 0/1 and do boolean logic.

Assembly is used to avoid compilers getting too smart and reintroducing branches but the no-assembly fallback should still compile without branches.

By convention, all variable-time cryptographic functions are suffixed _vartime.

There is a plan to add automated constant-time checks as well https://github.com/mratsim/constantine/issues/7.
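The mask-based style the comment above describes, as an added example in C (not Constantine's own code, which is written in Nim): a SecretBool is a full-width mask rather than 0/1, selection and comparison are done with bitwise operations instead of branches, and the variable-time counterpart carries the _vartime suffix. The type and function names are assumptions for illustration.

```c
/* Added example, not Constantine's code: constant-time primitives built on
 * unsigned words so the compiler cannot treat a secret flag as a 0/1 boolean. */
#include <stdint.h>
#include <stddef.h>

typedef uint64_t SecretWord;
typedef uint64_t SecretBool;   /* always 0 or UINT64_MAX (a full mask), never 0/1 */

/* Mask that is all-ones iff x == 0: when x != 0, either x or -x has its top bit set. */
static SecretBool ct_is_zero(SecretWord x) {
    return ((x | (SecretWord)(0 - x)) >> 63) - 1;
}

static SecretBool ct_eq(SecretWord a, SecretWord b) {
    return ct_is_zero(a ^ b);
}

/* Returns a if mask is all-ones, b if mask is zero, without a branch. */
static SecretWord ct_select(SecretBool mask, SecretWord a, SecretWord b) {
    return b ^ (mask & (a ^ b));
}

/* Compares two n-byte secrets (e.g. MAC tags); every byte is visited
 * regardless of where the first difference is, so timing reveals nothing. */
static SecretBool ct_mem_eq(const uint8_t *a, const uint8_t *b, size_t n) {
    SecretWord acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (SecretWord)(a[i] ^ b[i]);
    return ct_is_zero(acc);
}

/* Variable-time counterpart, named with the _vartime suffix the comment
 * describes: it returns at the first mismatch, so its running time leaks the
 * length of the matching prefix. Acceptable for public data only. */
static int mem_eq_vartime(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) if (a[i] != b[i]) return 0;
    return 1;
}
```

As the comment notes, source-level branchlessness is not a guarantee: an optimizing compiler may still turn ct_select into a conditional jump, which is why inspecting the emitted assembly (or using hand-written assembly) remains necessary.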


> Constantine has been written to have zero-dependency, besides the Nim compiler.

More of this, please. I think this should be the norm.



