Re: [Cfrg] Question about edwards448 mapping in draft-irtf-cfrg-curves-11

Andrew Bennett <potatosaladx@gmail.com> Tue, 19 January 2016 16:54 UTC

Whoops, for some reason I didn't connect the meaning of the 4-isogeny
between curve448 and edwards448 as being a scalar multiplication by 4.
Thank you for your accurate guess :-)

I was curious if I could find some sort of reproducible pattern for
converting between the (u,v) of curve448 and the (x,y) of edwards448 and
wound up with this slow/messy conversion using Sage (in case anyone else in
the future is confused like I was):

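# Field prime and Edwards parameter d for curve448 / edwards448
p = 2^448-2^224-1
F = GF(p)
d = -39081
# curve448 in Montgomery form: v^2 = u^3 + (2-4*d)*u^2 + u
E = EllipticCurve(F,[0,2-4*d,0,1,0])
curve448_basepoint = E.lift_x(5)
# A point Q with 4*Q = curve448_basepoint
curve448_basepoint_div4 = curve448_basepoint.division_points(4)[0]
u = curve448_basepoint_div4[0]
v = curve448_basepoint_div4[1]
# Apply the 4-isogeny map from the draft to (u,v)
edwards448_x = 4*v*(u^2 - 1)/(u^4 - 2*u^2 + 4*v^2 + 1) % p
edwards448_y = -(u^5 - 2*u^3 - 4*u*v^2 + u)/(u^5 - 2*u^2*v^2 - 2*u^3 - 2*v^2 + u) % p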

Thanks again for your help!
Andrew Bennett

On Sun, Jan 17, 2016 at 9:26 PM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Mon, Jan 18, 2016 at 03:59:18AM +0000, Andrew Bennett wrote:
> > Hello,
> >
> > Quick disclaimer: my question detailed below might simply be due to my own
> > lack of knowledge related to the mathematical concepts of elliptic curves
> > and their isogenies.
>
> Quick guess to the cause: This is not isomorphism, but 4-isogeny, so
> when one round-trips once, the point gets multiplied (as in scalar
> multiplication by four: 4G).
>
> The conversion from Edwards basepoint to Montgomery basepoint "works"
> since the Edwards basepoint is specifically chosen so that:
>
> - It yields Montgomery basepoint when converted
> - It has prime order.
>
>
> -Ilari
>
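
Added example, not part of the original messages: a plain-Python check that mapping the curve448 base point to edwards448 and back yields 4*P (up to sign) rather than P, which is the 4-isogeny behaviour discussed in this thread. The edwards448-to-curve448 map is the one given in RFC 7748 and does not appear in the thread; all function names are illustrative.

```python
# Added example, not code from the thread.
p = 2**448 - 2**224 - 1
d = -39081
A = 2 - 4*d  # curve448: v^2 = u^3 + A*u^2 + u

def inv(z):
    return pow(z % p, -1, p)  # modular inverse, Python 3.8+

def mont_to_ed(u, v):
    # 4-isogeny curve448 -> edwards448, same formulas as the Sage snippet
    x = 4*v*(u**2 - 1) * inv(u**4 - 2*u**2 + 4*v**2 + 1)
    y = -(u**5 - 2*u**3 - 4*u*v**2 + u) * inv(
        u**5 - 2*u**2*v**2 - 2*u**3 - 2*v**2 + u)
    return x % p, y % p

def ed_to_mont(x, y):
    # 4-isogeny edwards448 -> curve448 (from RFC 7748, not in the thread)
    u = y*y * inv(x*x)
    v = (2 - x*x - y*y) * y * inv(x**3)
    return u % p, v % p

def on_edwards448(x, y):
    # edwards448: x^2 + y^2 = 1 + d*x^2*y^2
    return (x*x + y*y - 1 - d*x*x*y*y) % p == 0

def mont_double(u, v):
    # Affine point doubling on v^2 = u^3 + A*u^2 + u
    lam = (3*u*u + 2*A*u + 1) * inv(2*v)
    u2 = (lam*lam - A - 2*u) % p
    return u2, (lam*(u - u2) - v) % p

def basepoint():
    # curve448 base point has u = 5; recover one of the two v values
    u = 5
    rhs = (u**3 + A*u*u + u) % p
    v = pow(rhs, (p + 1)//4, p)  # square root, valid because p % 4 == 3
    assert v*v % p == rhs
    return u, v

def round_trip_is_times_four():
    P = basepoint()
    E = mont_to_ed(*P)
    back = ed_to_mont(*E)
    u4, v4 = mont_double(*mont_double(*P))
    # (image is on edwards448, round trip differs from P, round trip is +/-4P)
    return on_edwards448(*E), back != P, back in ((u4, v4), (u4, (-v4) % p))

if __name__ == "__main__":
    print(round_trip_is_times_four())
```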