[curves] Climbing the elliptic learning curve (was: Re: Finalizing XEdDSA)
Ron Garret
ron at flownet.com
Tue Nov 8 17:23:06 PST 2016
On Nov 8, 2016, at 4:00 PM, Trevor Perrin <trevp at trevp.net> wrote:
> On Mon, Nov 7, 2016 at 12:51 AM, Ben Smith <hyperelliptic at gmail.com> wrote:
>>
>> Here's a rather longish explanation that might be helpful (I hope).
>> It's sort of a geometric complement to Mike's reply on curve shapes.
>> It should really be a link to a blog post, I suppose---but in the
>> absence of a blog, I'm posting it here.
>>
>> What I'm aiming to do here is
>> * Connect the Edwards equation with a Weierstrass equation (actually a
>> Montgomery curve);
>> * Show how the usual magic birational map appears in a more natural way;
>> * Resolve Ron's apparent degree-3-vs-degree-4 incompatibility; and
>> * Explain how we can ignore the whole resolution-of-singularities
>> issue by simply never having singularities in the first place.
>>
>> (If the geometric language goes over your head, don't worry; there
>> will be variables and equations the whole time to to show what I mean.
>
>
> Thanks to you and Mike, that's awesome!
>
> I wonder what the easiest path is to *learn* the geometric language
> that you and Mike are using, to the point of following along here?
>
> A lot of crypto-interested people can roughly understand RSA and DH,
> and would like to understand ECC, but get lost with terms like
> (skimming recent mails):
>
> twist
> torsion
> homogenous
> isogenies
> birational
> singularities / nonsingular
> affine
> projective (plane, closure, line)
> genus
> embedding
order
cofactor
characteristic
trace of frobenius
Another thing that has been driving me nuts for years is Theorem 2.1 in the Curve25519 paper. I understand what it *says* but I still don’t understand what it *means*.
rg
More information about the Curves
mailing list