[curves] The great debate over point formats (Mike Hamburg)

[Samuel Neves]

On 02-02-2014 21:52, Michael Hamburg wrote:
> I was referring to the Weierstrass form with this comment, not the prime shape.  I agree with Robert and Watson from a few posts ago (and, it seems, with you) that it’s dangerous to try to reuse Weierstrass implementations with new curves, because they’ll have the problems of the old ones (incomplete formulas) and the new (cofactors), and possibly worse ones from the combination (cofactors leading to corner cases).

The recent report by Bos et al [1] might be helpful here to get actual
drop-in replacements to the NIST curves. The reported speeds of the
proposed Weierstrass curves are not so bad in comparison with Edwards,
although those cycle counts are still rather high compared to the
current state of the art.

[1] https://research.microsoft.com/apps/pubs/default.aspx?id=209303