ScalarBaseMult and Add: Deprecated low-level unsafe API

[mariajdab]

Reading the crypto related package in vocdoni-node repository, I realized that in the file saltedkey.go is using deprecated Curve methods described as low-level unsafe API :

ScalarBaseMult : Deprecated

Used in:

// SaltBlindPubKey returns the salted blind public key of pubKey applying the salt.
func SaltBlindPubKey(pubKey *blind.PublicKey, salt []byte) (*blind.PublicKey, error) {
	if len(salt) < SaltSize {
		return nil, fmt.Errorf("provided salt is not large enough (need %d bytes)", SaltSize)
	}
	if pubKey == nil {
		return nil, fmt.Errorf("public key is nil")
	}
	var salt2 [SaltSize]byte
	copy(salt2[:], salt[:SaltSize])
	x, y := ethcrypto.S256().ScalarBaseMult(salt2[:])
	s := blind.Point{
		X: x,
		Y: y,
	}
	return (*blind.PublicKey)(pubKey.Point().Add(&s)), nil
}

// SaltECDSAPubKey returns the salted plain public key of pubKey applying the salt.
func SaltECDSAPubKey(pubKey *ecdsa.PublicKey, salt []byte) (*ecdsa.PublicKey, error) {
  if len(salt) < SaltSize {
  	return nil, fmt.Errorf("provided salt is not large enough (need %d bytes)", SaltSize)
  }
  if pubKey == nil {
  	return nil, fmt.Errorf("public key is nil")
  }
  var salt2 [SaltSize]byte
  copy(salt2[:], salt[:SaltSize])
  x, y := pubKey.Curve.ScalarBaseMult(salt2[:])
  pubKey.X, pubKey.Y = pubKey.Curve.Add(pubKey.X, pubKey.Y, x, y)
  return pubKey, nil
}

Also, the Curve method Add is Deprecated and this is a low-level unsafe API.

I assume that this could be a breaking change.

[mariajdab]

@p4u

[p4u]

Umm, interesting. Could you create a test to check if both ways are compatible?