[curves] F2m curve compression

Ofek Lev ofekmeister at gmail.com
Sat Dec 3 18:08:30 PST 2016


I understand for prime curves it is just `bytes(0x02 + flag) + bytes(x)`
where flag is the LSB of y. For the F2m curves I cannot make out how to do
it.

IEEE P1363
<http://grouper.ieee.org/groups/1363/IBC/material/P1363.3-D1-200805.pdf%20section%205.6.6.1.2>
section
5.6.6.1.2 appears to say flag is '1 if y of point > y of inverse point else
0' which I think just means `if y > x`.

these slides
<http://cs.ucsb.edu/~koc/ccs130h/projects/03-ecc-protocols/Julio_Slides.pdf>
(slide
15) by Julio Lopez and Ricardo Dahab appear to suggest my interpretation of
the IEEE method is off (I think).

http://www.secg.org/sec1-v2.pdf
<http://www.secg.org/sec1-v2.pdf%20section%202.3.3%20part%202.2.2> (which I
think is the standard reference) section 2.3.3 part 2.2.2 has yet another
notation that I do not understand.

I was told there are multiple ways. Can someone please explain the most
*standard* (or easiest) way requiring size m + 1, preferably from a
programmer's perspective? This math is beyond me :)

Any insight would be greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20161203/d82ae3b7/attachment.html>


More information about the Curves mailing list