Switch to subtle-ng

[davidrusu]

Hello, I'm working with some zkcrypto crates that depend on subtle-ng but I'm not able to interoperate with the ff family of crates since we're still on the subtle package here.

Do you mind taking this change to switch us over to subtle-ng? We'll have to propagate this change throughout other packages as well.

[davidrusu]

Ping on this issue.

I have a crate I'd like to publish that is depending on this branch. I'd rather not publish my fork of ff to crates.io

Would you prefer a PR with just the subtle-ng change (no clippy run)?

[tarcieri]

I just wanted to note that if you do this, it will be a difficult transition for @RustCrypto.

We use subtle for https://github.com/RustCrypto/elliptic-curves but also in quite a few other things like symmetric cryptography implementations. If this were to change then we would wind up in the situation where some crates are using subtle-ng and others are using subtle.

For crates that combine things like ECC and symmetric cryptography, such as ECIES systems, this means that until we can get everything switched over (and we are just wrapping up a set of symmetric crypto releases), crates like this would have to deal with e.g. incompatible Choice and CtOption as sourced from both subtle and subtle-ng.

[davidrusu]

I'm not intimately familiar with the history of these crates, but the README on https://github.com/zkcrypto/subtle-ng suggests that subtle is not maintained by someone who likes to co-operate with the community.

So, sure, there will be some pain in the transition, but I'd feel much better if a low-level dependency of the crypto ecosystem is maintained by a group we can all trust and work with.

If someone has more knowledge of the state of these two crates, please share!