[curves] curve25519 public keys with high bit set
Robert Ransom
rransom.8774 at gmail.com
Fri Jun 6 13:27:12 PDT 2014
On 6/6/14, CodesInChaos <codesinchaos at gmail.com> wrote:
> If you want to convince Curve25519 implementations to switch to
> ignoring the last bit, convincing the NaCl authors is really
> important. I expect most libraries to value compatibility with NaCl
> more highly than the advantages of an ignored bit. My impression is
> that where NaCl leads the other implementations follow.
NaCl (as of nacl-20110221) is inconsistent with itself. The ‘ref’
implementation treats the high bit as part of an integer, while the
‘donna_c64’ implementation ignores the high bit. The ‘athlon’
implementation is an assembly-language blob, but the Tor folks tested
it and found that it also ignores the high bit.
Robert Ransom
More information about the Curves
mailing list