[curves] The great debate over point formats (Mike Hamburg)
Michael Hamburg
mike at shiftleft.org
Fri Jan 31 11:04:44 PST 2014
On Jan 31, 2014, at 10:50 AM, Paulo S. L. M. Barreto <pbarreto at larc.usp.br> wrote:
> You convinced me. If you convince Diego as well, we'll have fun redesigning
> the curve-finding script ;-) (actually I wasn't quite happy with them either,
> since they don't adopt the more efficient (-1)-twist for Edwards curves)
Heh, sorry to cause trouble.
+1 vs -1 doesn’t matter that much. They’re isomorphic over 1 mod 4 fields, and isogenous over 3 mod 4 fields. We’ve been spec’ing them as +1 at least for 3 mod 4 fields, so that arithmetic is complete, and leaving the isogenous curve as an implementation trick. But whatever the case is, you’ll find basically the same curves whichever sign you choose.
Cheers,
— Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140131/023eb60b/attachment.html>
More information about the Curves
mailing list