Re: [Cfrg] 25519 naming

Watson Ladd <> Wed, 27 August 2014 15:52 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B17EF1A0AEF for <>; Wed, 27 Aug 2014 08:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MNU7OSeOtfsI for <>; Wed, 27 Aug 2014 08:52:46 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BC6B41A0AE7 for <>; Wed, 27 Aug 2014 08:52:45 -0700 (PDT)
Received: by with SMTP id 142so364460ykq.23 for <>; Wed, 27 Aug 2014 08:52:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=sqNaGkXpebY7Xa+Hr1gt6RDjFQQAzv+mi/IzsWxGiqs=; b=kS4MuKNh9P4eic1AWyTwIJgmf0JtSkwxQFkkXzvT8ToRz+rArA/D1PeK6ipMOQ1uYg deZ4no8AChXjzRe+EPzKd3eGxpsFzwSe7xE/NkbMlwE8ESa3cSgbg2n/LYkSkJfkbMpZ +dZj7aIaU3Jey9DyfL8ThHi4dQvirQy0Kx4rHpUhtpdDrmUkrVzIoGV7e2Wbt5iSqXbb mop7uJwX9segzsToNNPhjPpp3fctDOz4oBLD+408imro7epmlNN6qc4RaZXmHPk9S2x1 43kJWvUfIR0p7n0ZiuuBFPnc34CaZ41hhUjcp7LslR9OeHm74admjQzWDJxIH9uIMH2o IXag==
MIME-Version: 1.0
X-Received: by with SMTP id q41mr22226121yhd.84.1409154765019; Wed, 27 Aug 2014 08:52:45 -0700 (PDT)
Received: by with HTTP; Wed, 27 Aug 2014 08:52:44 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Wed, 27 Aug 2014 08:52:44 -0700
Message-ID: <>
From: Watson Ladd <>
To: David Leon Gil <>
Content-Type: multipart/alternative; boundary="bcaec50dc65833e1be05019e69cc"
Cc: "" <>
Subject: Re: [Cfrg] 25519 naming
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Aug 2014 15:52:48 -0000

On Aug 27, 2014 6:19 AM, "David Leon Gil" <> wrote:
> Cryptographers have, for quite a while, abused notation and
identified different, isomorphic, elliptic forms. Well, abuse of notation
strikes back.
> Part of the problem is that calling a transfer of co├Ârdinates to a
different form a 'co├Ârdinate transform' is confusing. (I suspect that most
people don't have sufficient topology to realize that different forms have
different topologies.)

They all have the same topology. They don't have the same geometry. The
subject you are looking for is algebraic geometry. If we're going to be
annoyingly precise, we should be annoyingly precise.

> Mathematicians have a perfectly good terminology already; why not simply
adopt that, and be explicit about the maps used to transfer between forms?

Well, there is a slight problem: Let X be the curve. Then X has no
coordinates: rather coordinates are a choice of injective map to P^2 or P^1
\times P^1 or something like that. So when someone says "take x+486662/3 to
map onto a curve of the form blah blah" they mean that there is a
commutative triangle with X over P^2 and X over P^2, with the image of the
downwards morphisms lying in the zero locus of the given equation
homogenized, and the thing commutes. (It also all goes over F_p for some

The reason X has no coordinates is that a scheme isn't defined to include a
canonical choice, any more than an atlas is a choice of charts in
differential geometry. The definition has already elided all coordinates.

To avoid all this verbiage, which everyone understands (with the usual
criteria about what "everyone" means) we speak in the informal language of
coordinates, and then mentally translate into the language of EGA. I don't
see what's missing from DJBs email in this regard.

Watson Ladd

> On Monday, August 25, 2014, D. J. Bernstein <> wrote:
>> All relevant coordinate systems already have standard names in the
>> literature, and I would suggest sticking to those names whenever it's
>> necessary to discuss the coordinate systems per se:
> _______________________________________________
> Cfrg mailing list