[curves] Computing an inverse scalar for Curve25519
Mike Hamburg
mike at shiftleft.org
Tue May 30 15:37:15 PDT 2017
Is it enough to use 8*r and 8*(r^-1 mod q) for this protocol?
If not, or if you can’t prove it, you could always use my library at
https://sourceforge.net/projects/ed448goldilocks/ <https://sourceforge.net/projects/ed448goldilocks/>
It gives a prime-order quotient group of Ed448 and Curve25519, and it implements Elligator and division mod q.
— Mike
> On May 30, 2017, at 3:31 PM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
>
> Thanks for pointing out at my mistakes and a very good explanation. I will
> continue to dig deeper
>
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20170530/74b47bba/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3571 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20170530/74b47bba/attachment.bin>
More information about the Curves
mailing list