[curves] curve25519 public keys with high bit set
CodesInChaos
codesinchaos at gmail.com
Wed Jun 4 07:06:02 PDT 2014
No matter which way is chosen, it's important to get the IETF TLS
specification for Curve25519 to match what's chosen and to include
test-vectors for it.
Personally I prefer ignoring the bit. My effort to change
LibSodium/Donna was to ensure that all major implementations have the
same behaviour.
If we can get all major implementations, including NaCl to ignore the
bit I'd be happy to follow that path.
On a related note, DJB's implementations in SUPERCOP recently changed
from interpreting it as a 256 bit integer to ignoring the top bit.
But I don't know if NaCl will follow. Somebody should talk with its authors.
Note that you can put a sign into MSB, even with 256 bit integer
interpretation, it's just a bit annoying.
More information about the Curves
mailing list