[curves] F2m curve compression
zaki at manian.org
zaki at manian.org
Sun Dec 4 11:06:11 PST 2016
It appears Ofek got the help he needed here.
https://github.com/pyca/cryptography/pull/3287
On Sat, Dec 3, 2016 at 6:08 PM Ofek Lev <ofekmeister at gmail.com> wrote:
> I understand for prime curves it is just `bytes(0x02 + flag) + bytes(x)`
> where flag is the LSB of y. For the F2m curves I cannot make out how to do
> it.
>
> IEEE P1363
> <http://grouper.ieee.org/groups/1363/IBC/material/P1363.3-D1-200805.pdf%20section%205.6.6.1.2> section
> 5.6.6.1.2 appears to say flag is '1 if y of point > y of inverse point else
> 0' which I think just means `if y > x`.
>
> these slides
> <http://cs.ucsb.edu/~koc/ccs130h/projects/03-ecc-protocols/Julio_Slides.pdf> (slide
> 15) by Julio Lopez and Ricardo Dahab appear to suggest my interpretation of
> the IEEE method is off (I think).
>
> http://www.secg.org/sec1-v2.pdf
> <http://www.secg.org/sec1-v2.pdf%20section%202.3.3%20part%202.2.2> (which
> I think is the standard reference) section 2.3.3 part 2.2.2 has yet another
> notation that I do not understand.
>
> I was told there are multiple ways. Can someone please explain the most
> *standard* (or easiest) way requiring size m + 1, preferably from a
> programmer's perspective? This math is beyond me :)
>
> Any insight would be greatly appreciated.
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20161204/73489b68/attachment.html>
More information about the Curves
mailing list