Discuss possible fork of curv library #36
Description
@drewstone, I have mentioned that the curv library doesn't seem to be maintained (see this comment) and it would be good for us to forge a path towards using the constant time crypto-bigint library as the BigInt backend which would require forking curv.
And then I just came across this security advisory regarding the secp256k1 library that curv depends upon.
I have searched the codebase(s) and I don't think we are exposed to the issue with Secp256k1::preallocated_gen_new however I do want to start a conversation about what we should do with the curv dependency.