#vrf #secret-key #crypto #side-channel #thread-safe #avoid

no-std ark-secret-scalar

Secret scalars for non-constant-time fields and curves

1 unstable release

new 0.0.2 Jan 24, 2025

#1827 in Cryptography


Used in 2 crates (via staging-dleq_vrf)

MIT/Apache

39KB
522 lines

Arkworks secret scalar handling via key splitting

The secret scalar is split into the sum of two scalars, which mutate randomly but always retain the same sum. This incurs a 2x penalty in scalar multiplications, but provides side-channel defenses.

We support &self receivers throughout, as typical secret keys do. We choose non-thread-safe interior mutability via UnsafeCell, which avoids atomics but makes SecretScalar only Send and !Sync.

As Mutex<T: Send>: Send+Sync, one should prefer Mutex<SecretKey> over cloning SecretScalar, simply to minimize clones of secret keys.
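The key-splitting idea described above, as an added sketch that is not the crate's own code. It assumes a toy prime field (integers mod 2^61 - 1) in place of an arkworks scalar field, uses Cell (the safe wrapper over UnsafeCell), lets field multiplication by a public value stand in for scalar multiplication of a curve point, and uses an xorshift generator only as a placeholder for a real CSPRNG; the names SplitScalar, resplit and mul_public are hypothetical.

```rust
use std::cell::Cell;

// Toy modulus (the Mersenne prime 2^61 - 1), standing in for a curve's scalar field order.
const P: u64 = (1u64 << 61) - 1;

fn add_mod(a: u64, b: u64) -> u64 { ((a as u128 + b as u128) % P as u128) as u64 }
fn sub_mod(a: u64, b: u64) -> u64 { add_mod(a, P - b % P) }
fn mul_mod(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }

/// Hypothetical type: a secret held as two shares whose sum mod P is the secret.
/// Cell gives interior mutability without atomics, so this type is Send but !Sync.
pub struct SplitScalar {
    shares: Cell<[u64; 2]>,
    rng: Cell<u64>, // xorshift64 state; NOT a CSPRNG, placeholder for this sketch only
}

impl SplitScalar {
    pub fn new(secret: u64, seed: u64) -> Self {
        let s = SplitScalar { shares: Cell::new([secret % P, 0]), rng: Cell::new(seed | 1) };
        s.resplit();
        s
    }
    fn next_random(&self) -> u64 {
        let mut x = self.rng.get();
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.rng.set(x);
        x % P
    }
    /// Move a fresh random offset from one share to the other; the sum is unchanged.
    pub fn resplit(&self) {
        let r = self.next_random();
        let [a, b] = self.shares.get();
        self.shares.set([add_mod(a, r), sub_mod(b, r)]);
    }
    pub fn shares(&self) -> [u64; 2] { self.shares.get() }
    /// secret * x computed as a*x + b*x, without recombining the shares.
    /// Two multiplications instead of one: the 2x cost named above.
    pub fn mul_public(&self, x: u64) -> u64 {
        self.resplit(); // takes &self, yet the stored shares change on every use
        let [a, b] = self.shares.get();
        add_mod(mul_mod(a, x), mul_mod(b, x))
    }
}

fn main() {
    let k = SplitScalar::new(123456789, 42); // constructed sample secret and seed
    println!("shares {:?}, 5 * secret = {}", k.shares(), k.mul_public(5));
}
```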

Dependencies

~6MB
~99K SLoC