Add section on try and increment #153
Comments
|
I think try and increment is dead based on zkcrypto/pairing#56 (comment) |
|
Try and increment has the advantage of being trivial to specify (though not implement optimally). It is also likely used in production today. Even if "dead", an explanatory death note is probably warranted. |
|
We decided to omit a complete specification of try-and-increment since we're aiming for constant-time algorithms. |
I'm not asking for a specification of try-and-increment. I'm asking for a rationale for not specifying try-and-increment. |
kwantam
added a commit
to kwantam/draft-irtf-cfrg-hash-to-curve
that referenced
this issue
Oct 12, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current draft does not mention the "naive" try and increment. I feel implementers will undoubtedly want to consider it. If the intent is to discourage the use of try and increment a section explaining why it is discouraged may be warranted. If it is not discouraged then a section standardising it may also be warranted.
The text was updated successfully, but these errors were encountered: