[curves] Curve19119: A legacy-level little brother of Curve25519

Trevor Perrin trevp at trevp.net
Thu Jul 27 15:32:02 PDT 2017

On Thu, Jul 27, 2017 at 4:27 PM, Björn Haase <bjoern.m.haase at web.de> wrote:
> "Making Password Authenticated Key Exchange Suitable For
> Resource-Constrained Industrial Control Devices"
> https://eprint.iacr.org/2017/562
> We observe a speedup factor of roughly 1.9 in comparison to our X25519
> implementation on a Cortex M0+ microcontroller.

Hi Björn,

Thanks, that's a good read.  Couple Qs:

 * Did you give any thought to FourQ, which claims similar speedups
with respect to 25519 but also a similar security level? [1]

 * For the PAKE, since you have Elligator, did you consider anything
like the "SPAKE2-Elligator Edition" approach of [2] - basically,
DH-EKE where the DH public values are masked by adding


[1] https://eprint.iacr.org/2017/434.pdf

