Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there a reason random() and random_mod() require CryptoRng? #137

Open
fjarri opened this issue Nov 27, 2022 · 4 comments
Open

Is there a reason random() and random_mod() require CryptoRng? #137

fjarri opened this issue Nov 27, 2022 · 4 comments

Comments

@fjarri
Copy link
Contributor

fjarri commented Nov 27, 2022

I would argue that it's the user's decision whether they want a cryptographically safe RNG used or not; there can be applications which do not require that restriction, and CryptoRng is just a marker trait and does not provide any additional functionality.
@tarcieri
Copy link
Member

Just generally, per the crypto-bigint name, this crate assumes cryptographic applications of all operations.

What's the use case where e.g. ChaCha8Rng is insufficient?

@fjarri
Copy link
Contributor Author

fjarri commented Nov 27, 2022

Perhaps it is sufficient, my point was that it is a misuse of the marker trait. CryptoRng requirement is justified when the operation is supposed to be cryptographically safe, like SecretKey::random() or something; there is nothing inherently cryptographic about just generating a random integer. As for the library name, I personally think of it as more of a "fixed-size-bigint", and perhaps it's the API that should influence the name and not the other way around.

@tarcieri
Copy link
Member

there is nothing inherently cryptographic about just generating a random integer

When are you generating a random integer with this library where it’s a nonsecret value?

I suppose there are a handful of applications (e.g. batch verification)

As for the library name, I personally think of it as more of a "fixed-size-bigint"

It’s definitely more than just that. It’s intended to have a misuse resistant API which includes constant-time-by-default behavior.

If there’s a good real-world use case for nonsecret integers we can consider removing the bound, but IMO the main use case for a random integer with this library is generating cryptographic secrets

@fjarri
Copy link
Contributor Author

fjarri commented Nov 28, 2022
edited
Loading

When are you generating a random integer with this library where it’s a nonsecret value?

One example is testing. Or a challenge value for some ZK proof (although you can argue that you'd still want a CryptoRng there). Or some Monte-Carlo algorithm running in a large integer space (who knows). In general, I'm just not excluding a possibility that someone at some point might want a non-cryptographic random, and we shouldn't put artificial restrictions on it.

It’s definitely more than just that. It’s intended to have a misuse resistant API which includes constant-time-by-default behavior.

Fair enough, although it is also a bit of an annoyance to cast Choice to boolean explicitly (but at least that is contained within methods and does not affect the API).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tarcieri @fjarri