Got stuck with Ed25519

Werner Koch wk at
Wed Sep 11 09:28:12 CEST 2013

On Wed, 11 Sep 2013 02:30, gniibe at said:

> Here is the change over your patch.  It works fine for me.

Many thanks.  I should have asked earlier.  Pretty obvious bugs but we
all know that it is sometimes virtually impossible to detect one's own

> (1) Z1 should be p1->z.  I think that it's a kind of typo.

And I checked that a dozen times :-(.

> (3) X3 might be same place where X2 refers.  Need to use TMP, at first.

Good point.

> (4) NBITS should not be number of bits of SCALAR minus 1, but 
>     number of bits itself.

That was actually a leftover from another test.

Works now.  Now for the rest of the code.



Thoughts are free.  Exceptions are regulated by a federal law.

More information about the Gcrypt-devel mailing list