[noise] Curve25519 key bitmask?

Jonathan Rudenberg jonathan at titanous.com
Sun Jul 13 10:39:04 PDT 2014

The Curve25519 documentation[0] says that we should do these bitwise ops while computing the secret key:

     mysecret[0] &= 248;
     mysecret[31] &= 127;
     mysecret[31] |= 64;

It’s not immediately apparent what the reason for this is and if it has any negative/positive impact. Would someone explain it to me?



[0] http://cr.yp.to/ecdh.html

More information about the Noise mailing list