[messaging] sign(y) for Elligator2_p2r from X25519 u-points
Mike Hamburg
mike at shiftleft.org
Wed Mar 14 09:59:26 PDT 2018
Hello Van Gegel,
You must select sign(v), the sign of the square root, and bit 255 all at random, and the point can’t be confined to a subgroup of curve25519.
But also, this is for a PAKE right? I thought you were implementing a two-point EKE to avoid Elligator. If you’re implementing Elligator, why not use SPEKE, where you would only need the forward direction?
— Mike
Sent from my phone. Please excuse brevity and typos.
> On Mar 14, 2018, at 05:46, Van Gegel <torfone at ukr.net> wrote:
>
> Hello, Messaging!
>
> I'm trying to adapt Elligator2 p2r() to the uNaCl X25519 library for embedded systems.
> The original p2r() uses the sign(v) to select between sqrt(-u/(2(u+A))) and sqrt(-(u+A)/(2u))) .
> But X25519 point has no v ( sign(v) is always assumed to be 0 ).
> Can I use sign(v)=0 or must select the sign(v) randomly to get a completely random representation string of X25519 u-point with p2r()?
>
> Thanks,
> Van Gegel.
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
More information about the Messaging
mailing list