Zebra: Add `secp256k1` and possibly wrap its types.

Created on 24 Feb 2020  Â·  5Comments  Â·  Source: ZcashFoundation/zebra

The secp256k1 crate is a Rust wrapper around the well-vetted and constant-time C library that is actively maintained.

While including a non-trivial C dependency into our (so far) all-Rust project isn't the ideal answer, this library is a better choice in terms of maintainability (and offloading that to someone else) for us than some of the all-Rust alternatives out there, which are either less-great from a constant-time, implementation perspective or are just less mature than bitcoin-core/secp256k1.

A-dependencies

All 5 comments

Changed title so that we have one issue for integrating the dependency and one issue for adding transparent keys and addresses.

Pulling this in exposes the signing operations needed to verify script ops for transparent transactions without joinsplits.

The library requires building a context object and using the context, which is sort of awkward. Maybe the easiest thing to do would be to use lazy_static to build the context and store it as a "constant" somewhere in zebra-chain.

Not to co-opt this issue, but it could be worth looking into sandboxing. As far as I know, libsecp256k1 makes no syscalls, so you could use the strictest sandboxing policy. I think Google has some excellent open source, cross-platform sandboxing libraries, but they're for C++ (could be useful for seeing which APIs to use on each platform).

Sandboxing seems great, but unfortunately I don't think that we have resources to do it in the medium term. I don't feel great about C libraries in general, but I feel that of all C libraries that a Rust project might use, this one is relatively less risk than others.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

nathan-at-least picture nathan-at-least  Â·  4Comments

teor2345 picture teor2345  Â·  3Comments

hdevalence picture hdevalence  Â·  4Comments

yaahc picture yaahc  Â·  3Comments

dconnolly picture dconnolly  Â·  3Comments