Re: [Cfrg] Safecurves draft

Bodo Moeller <bmoeller@acm.org> Thu, 09 January 2014 15:26 UTC

MIME-Version: 1.0
In-Reply-To: <CABqy+soX0xVWG0+vJs-_7O1Ur_hkDW0u0acCGZYrrtEci5QRXw@mail.gmail.com>
References: <20140109031144.6111382.52184.8264@certicom.com> <20140109094731.GA12327@netbook.cypherspace.org> <CADMpkc+giuSZgrYmusRJmj5SyN9Dcu_Mdaqx5KQPyXGMmosFUw@mail.gmail.com> <CABqy+soXxjY+fEzpHP+_yn9Y1Xtapm_9OWbgDcA_J_Lukz_YLw@mail.gmail.com> <CADMpkcJFk2C5DPQX9RVWphUH25atsUX2vPA7RwNf8zbmR6dXJQ@mail.gmail.com> <CABqy+soX0xVWG0+vJs-_7O1Ur_hkDW0u0acCGZYrrtEci5QRXw@mail.gmail.com>
Date: Thu, 09 Jan 2014 16:26:42 +0100
Message-ID: <CADMpkcKptQrtXyaarkXiMpRyGmobEcywbTeTkkcb6uWB-yttwg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Robert Ransom <rransom.8774@gmail.com>
Content-Type: multipart/alternative; boundary="089e013a10468ea63404ef8b3ce3"
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Safecurves draft
Precedence: list

Robert Ransom <rransom.8774@gmail.com>:

> So while the Montgomery-form Curve25519 certainly has its use, allowing
> > applications to negotiate a different form for ECDH would be beneficial.
>
>

> Even if the party which generates a public key uses Edwards-form
> points internally for that operation, whoever generates the key can
> put it into Montgomery form for free before scaling, whereas whoever
> receives it would need to perform an extra coordinate inversion in
> order to convert from Edwards form to affine Montgomery form.


That's a good point.  As I've pointed out (or tried to point out, anyway),
the receiver might want to do the computations in Edwards form too, but
there's not that much to be gained from that, so it may not be worth the
extra complexity.

Bodo

[Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Stephen Farrell
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Dan Harkins
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Alyssa Rowan
Re: [Cfrg] Safecurves draft Stephen Farrell
Re: [Cfrg] Safecurves draft Alyssa Rowan
Re: [Cfrg] Safecurves draft Stephen Farrell
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Isaac Chua
Re: [Cfrg] Safecurves draft Dan Brown
Re: [Cfrg] Safecurves draft Manuel Pégourié-Gonnard
[Cfrg] Fwd: Re: Safecurves draft Alyssa Rowan
Re: [Cfrg] Fwd: Re: Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Adam Back
Re: [Cfrg] Fwd: Re: Safecurves draft Robert Ransom
Re: [Cfrg] Fwd: Re: Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Johannes Merkle
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Safecurves draft Robert Ransom
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Safecurves draft Robert Ransom
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Fwd: Re: Safecurves draft Robert Ransom
Re: [Cfrg] Safecurves draft Mike Hamburg
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Jon Callas
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Paul Lambert
Re: [Cfrg] Safecurves draft Watson Ladd
Re: [Cfrg] Safecurves draft Bodo Moeller
Re: [Cfrg] Fwd: Re: Safecurves draft Manuel Pégourié-Gonnard
Re: [Cfrg] Safecurves draft Robert Ransom
Re: [Cfrg] Fwd: Re: Safecurves draft Robert Ransom