Re: [Cfrg] Safecurves draft

Robert Ransom <rransom.8774@gmail.com> Fri, 10 January 2014 02:43 UTC

MIME-Version: 1.0
In-Reply-To: <B29AD107-69D0-4EF5-9D5B-137C1E333AEA@shiftleft.org>
References: <20140109031144.6111382.52184.8264@certicom.com> <20140109094731.GA12327@netbook.cypherspace.org> <CADMpkc+giuSZgrYmusRJmj5SyN9Dcu_Mdaqx5KQPyXGMmosFUw@mail.gmail.com> <CABqy+soXxjY+fEzpHP+_yn9Y1Xtapm_9OWbgDcA_J_Lukz_YLw@mail.gmail.com> <CADMpkcJFk2C5DPQX9RVWphUH25atsUX2vPA7RwNf8zbmR6dXJQ@mail.gmail.com> <CABqy+soX0xVWG0+vJs-_7O1Ur_hkDW0u0acCGZYrrtEci5QRXw@mail.gmail.com> <CADMpkcKptQrtXyaarkXiMpRyGmobEcywbTeTkkcb6uWB-yttwg@mail.gmail.com> <B29AD107-69D0-4EF5-9D5B-137C1E333AEA@shiftleft.org>
Date: Thu, 09 Jan 2014 18:42:57 -0800
Message-ID: <CABqy+srqeZx+bPtmxGMKhb1V6Kbs9mBZTzKn3=CnEZ2fJ8HR7A@mail.gmail.com>
From: Robert Ransom <rransom.8774@gmail.com>
To: Mike Hamburg <mike@shiftleft.org>
Content-Type: text/plain; charset="UTF-8"
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Safecurves draft
Precedence: list

On 1/9/14, Mike Hamburg <mike@shiftleft.org> wrote:

> I wonder, though, if the standard encoding of the spec should have the sign
> of the y-coordinate.  That way if we want to use the format for something
> other than ECDH -- signatures or PAKE or whatever -- we won't have to
> specify a new encoding.

I've implemented some routines that generate and use Curve25519 keys
represented as the Montgomery-form x coordinate, with the high bit
used to transmit the sign bit of the Edwards-form x coordinate.

I would still recommend distinguishing the case where the party who
generated the key did not compute the sign bit from the case where
that party did compute the sign bit, and the sign bit was 0.  That
calls for two point formats (or three if anyone wants an uncompressed
point with the whole Edwards-form x coordinate).

Robert Ransom

[Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Stephen Farrell
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Dan Harkins
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Alyssa Rowan
Re: [Cfrg] Safecurves draft Stephen Farrell
Re: [Cfrg] Safecurves draft Alyssa Rowan
Re: [Cfrg] Safecurves draft Stephen Farrell
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Isaac Chua
Re: [Cfrg] Safecurves draft Dan Brown
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
[Cfrg] Fwd: Re: Safecurves draft Alyssa Rowan
Re: [Cfrg] Fwd: Re: Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Adam Back
Re: [Cfrg] Fwd: Re: Safecurves draft Robert Ransom
Re: [Cfrg] Fwd: Re: Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Johannes Merkle
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Safecurves draft Robert Ransom
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Safecurves draft Robert Ransom
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Fwd: Re: Safecurves draft Robert Ransom
Re: [Cfrg] Safecurves draft Mike Hamburg
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Jon Callas
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Fwd: Re: Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Robert Ransom
Re: [Cfrg] Fwd: Re: Safecurves draft Robert Ransom