[curves] curve25519 public keys with high bit set

Trevor Perrin trevp at trevp.net
Tue Jun 3 19:22:42 PDT 2014


On Tue, Jun 3, 2014 at 5:21 PM, Robert Ransom <rransom.8774 at gmail.com> wrote:
>
> (For what it's worth, I do think that masking off the high bit was
> originally a bug -- it didn't match the behaviour specified in the
> paper, or on Dr. Bernstein's Curve25519 web page -- but it's not only
> the de-facto standard now, it's also a good idea.)

My point is that it's not the de-facto standard: libraries have been
changing from masking -> processing the full 256-bit value:

>> http://www.ietf.org/mail-archive/web/cfrg/current/msg04333.html
>> https://github.com/jedisct1/libsodium/issues/78
>> https://github.com/agl/curve25519-donna/commit/81b6dcb6cf5b983ec6391f36aa061caef07c58ad

I think they should change back!


Trevor


More information about the Curves mailing list