ec subtract

[Markus Teich]

Heyho,

NIIBE Yutaka wrote:
> As I only have experience of GnuPG, I'm not sure what kind of API is better
> for libgcrypt, but, I'm just considering making gcry_mpi_ec_add_points to
> private function (i.e., opposite direction).
> 
> So, I'm interested in your situation.

Wouldn't that imply that you don't want the user to implement crypto algorithms
at all? Then you would probably have to make the mpi API private as well.

> I wonder if you can explain ECBD.  If its some crypto protocol, isn't it
> better to be implemented within libgcrypt?

I mean the Burmester-Desmedt Group Key Exchange adapted to elliptic curves[0].

> My background is supporting Curve25519, ECDH on Montgomery curve.  In its
> computation, we don't care Y-coordinate, and gcry_mpi_ec_add_points has to
> return an error as "not supported by the curve".

I am kind of new to EC, so which functions from libgcrypt (1.6.1) would you
recommend to implement the ECBD? My code is published under LGPL, so if it's not
too bad, you could later adopt it into libgcrypt if you like.

--Markus


[0] http://crypo.cased.de/assets/Publications/MaMASS05.pdf