[curves] The great debate over point formats (Mike Hamburg)

Paulo S. L. M. Barreto pbarreto at larc.usp.br
Mon Feb 3 12:13:49 PST 2014


On Sun, February 2, 2014 19:52, Michael Hamburg wrote:

> I was referring to the Weierstrass form with this comment, not the prime
> shape.  I agree with Robert and Watson from a few posts ago (and, it seems,
> with you) that it’s dangerous to try to reuse Weierstrass implementations with
> new curves, because they’ll have the problems of the old ones (incomplete
> formulas) and the new (cofactors), and possibly worse ones from the
> combination (cofactors leading to corner cases).

Ah, OK, now I get it. Yes, I too deem reusing Weierstrass implementations a
poor idea to say the least.

One additional but minor point against such a reuse is that it will be usually
worthless anyway without implementing the birational map to Edwards or
Montgomery (the x-coordinate usually adopted in protocols is meaningless per
se, and mus be coupled to a curve model). Existing Weierstrass implementations
alone are not an off-the-shelf workaround for other curve models.

Cheers,

Paulo.




More information about the Curves mailing list