[EXPERIMENTAL-PATCH] Curve25519 encryption support (updated)

Werner Koch wk at gnupg.org
Wed Jul 22 15:21:24 CEST 2015

On Wed,  8 Jul 2015 02:34, gniibe at fsij.org said:

> Here, I changed the meaning of '(flags eddsa)' a bit.  Now, it means
> that the key is in DJB format and under DJB processing:

We should not overload that flag with a new meaning:

  @item eddsa
  @cindex EdDSA
  Use the EdDSA scheme signing instead of the default ECDSA algorithm.
  Note that the EdDSA uses a special form of the public key.
This flag describes the EdDSA algorithm and not the encoding of the
points.  Right, the default for that algorithm are those from Bernstein
et al's paper but the idea is to use it also for future versions of
EdDSA.  For example:

    author = {Daniel J. Bernstein and Simon Josefsson and Tanja Lange and Peter Schwabe and Bo-Yin Yang},
    title = {EdDSA for more curves},
    howpublished = {Cryptology ePrint Archive, Report 2015/677},
    year = {2015},
    note = {\url{http://eprint.iacr.org/}},

We should keep the encoding separate.  What about an "x-only" or "mont"
flag to indicate that we only convey the x-ccordinate?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list