[PATCH] Curve25519 patch revised
NIIBE Yutaka
gniibe at fsij.org
Fri Jun 20 15:28:59 CEST 2014
On 2014-06-20 at 11:08 +0200, Werner Koch wrote:
> Can you change the name to mpi_swap_cond ? I would also prefer to keep
> it an internal function for now and add it to the public API only
> later. This allows to backport it to 1.6.
I see. I will.
> > To do so, we need to add two more fields in the curve specification:
> > co-factor and number of bits of the curve (to set MSB of above code).
>
> No problem.
Thanks. I will do that, too.
Another thing to consider is support of new compact representation of
draft-jivsov-ecc-compact-05.
For Montgomery curve, it doesn't compute y-coordinate, and the
representation in my current implementation is:
04 || X || ZERO
It works, but it is not correct value (of Y), but I don't think it is
worth to compute Y, just for filling. I think that new compact
representation (only X) should be the default for Montgomery curve (of
ECDH). It is also good to support new compact representation for
general ECDH and ECDSA keys.
IIUC, draft-jivsov-ecc-compact-05 can be applied to 6637
straightforwardly, and fingerprint (or keygrip) will be different when
representation will be changed. Is this right?
--
More information about the Gcrypt-devel
mailing list