Re: [Cfrg] Signature proposal

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Tue, 23 June 2015 08:00 UTC

On Sun, Jun 21, 2015 at 08:54:59PM -0700, Watson Ladd wrote:
> 
> We write E: (-1)y^4+x^4=1+dx^2y^2 as the affine form of an Edwards
> curve, possibly twisted over p. We represent values in F_p as
> little-endian fixed width length vectors of bytes of the
> representative in {0,1,\ldots p-1}. Define a value in F_p as negative
> if its smallest representative is less than p-1/2, and positive
> otherwise. We encode a point on E as the y coordinate followed by a
> byte which is 0 if the x coordinate is negative, 1 if the x coordinate
> positive. Let q be the order of the large prime subgroup of E.

Did you mean E: (-1)x^2+y^2=1+dx^2y^2? AFAIK, usually the a twist
factor is on x, and usually the lhs terms are quadric.

Also, isn't the usual negative/positive criterion when working on
curves that are possibly of fields of size 4k+1 the LSB of the
representative? I think that might be easier to get than comparing
the coordinate with (p-1)/2.


-Ilari
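
The two sign conventions discussed in this thread, shown on a point encoding of the "y plus sign byte" shape, as an added example that is not part of either message. Assumptions: the Edwards form of Curve25519 stands in for the curve, the field width is 32 bytes, the direction of the (p-1)/2 comparison is chosen here, and all function names are hypothetical.

```python
P = 2**255 - 19                          # stand-in field (assumption); p = 5 (mod 8)
D = -121665 * pow(121666, P - 2, P) % P  # stand-in curve constant d (assumption)
SQRT_M1 = pow(2, (P - 1) // 4, P)        # a square root of -1 mod p

def neg_lsb(x):
    """LSB convention: negative iff the representative in [0, p-1] is odd."""
    return ((x % P) & 1) == 1

def neg_half(x):
    """Comparison convention (direction assumed): negative iff above (p-1)/2."""
    return (x % P) > (P - 1) // 2

def recover_x(y, want_negative, is_neg):
    """Solve -x^2 + y^2 = 1 + d*x^2*y^2 for x; pick the root with the given sign."""
    w = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(w, (P + 3) // 8, P)          # candidate square root for p = 5 (mod 8)
    if (x * x - w) % P:
        x = x * SQRT_M1 % P
    if (x * x - w) % P:
        raise ValueError("no curve point has this y")
    if is_neg(x) != want_negative:
        if x == 0:
            raise ValueError("x = 0 cannot be encoded as negative")
        x = P - x                        # p is odd, so both conventions flip here
    return x

def encode(x, y, is_neg):
    """y as 32 little-endian bytes, then 0 if x is negative, 1 if positive."""
    return y.to_bytes(32, "little") + bytes([0 if is_neg(x) else 1])

def decode(blob, is_neg):
    y = int.from_bytes(blob[:32], "little")
    if len(blob) != 33 or blob[32] > 1 or y >= P:
        raise ValueError("malformed or non-canonical encoding")
    return recover_x(y, blob[32] == 0, is_neg), y

def disagreeing_point():
    """Search small y for a point whose x the two conventions sign differently."""
    y = 2
    while True:
        try:
            x = recover_x(y, False, neg_lsb)
            if neg_lsb(x) != neg_half(x):
                return x, y
        except ValueError:
            pass
        y += 1
```

Both predicates are valid sign functions, but they are not interchangeable: a decoder using the other convention returns the point with x negated for any x on which the two disagree.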