[curves] Approaches to scalar arithmetic on ed25519/curve25519

zaki at manian.org zaki at manian.org
Sun Oct 11 17:47:54 PDT 2015 

I'm interested in resources on converting between scalar values and ed25519
points or scalar arithmetic on the curve.

Specifically, I'm interested in exploring protocols that use the additive
homomorphism on the curve such (a+f)* G= A +F

or a more specific example

   1. Generate two eddsa keys: (pub_1,key_1), (pub_2,key_2)
   2. Compute the private scalar for each. key_1 -> exp_key_1 , key2 ->
   exp_key_2
   3. Convert the keys to ed25519 points. exp_key_1 -> pt_1, exp_key_2
   ->pt_2
   4. Add the points to each other to get a third point. pt_1 + pt_2 -> pt_3
   5. The sum of the points multiplied by the base point is expected to
   equal sum of the original public keys. Knowing how to convert the sum of
   the points to the base point would also be nice pt_3 * G == pub_1 + pub_


In some ways, this question is an extension of previously discussed topics
on the list such as "General Curve25519 and Ed25519 Libraries" [1]

I'm looking for the following kind of help.

1. Software libraries that might be helpful. I would like to be able reuse
the results in widely deployed ed25519 implementation like ref10 and
tweet-nacl.
2. References for understanding what is involved in implementing scalar ->
point -> scalar conversions.
3. Reference for implementing the appropriate scalar arithmetic that can be
done parallel to the point arithmetic facilities that already exist.

I also asked this question on stack exchange[2]. If I get any usual
information, I'll be sure make sure it is documented where it needs to be.

Finally, I am aware that convenient mechanisms for manipulating these
properties exist in secp257k1 ecosystem. That is part of my interest in
being about to do similar on ed25519.

[1] https://moderncrypto.org/mail-archive/curves/2015/000522.html
[2]
https://crypto.stackexchange.com/questions/29772/encoding-scalar-values-to-points-on-ed25519?noredirect=1#comment68710_29772
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20151011/8e70ce48/attachment.html>

More information about the Curves mailing list