[noise] Curve25519 key bitmask?
watsonbladd at gmail.com
Sun Jul 13 10:43:21 PDT 2014
The mysecret|=64 is to place the high bit in a known position to
make some addition algorithms easier.
The mysecret &=248 clears the low 3 bits of the secret to eliminate
the possibility of small-subgroup confinement attacks: only zero will
On Sun, Jul 13, 2014 at 10:39 AM, Jonathan Rudenberg
<jonathan at titanous.com> wrote:
> The Curve25519 documentation says that we should do these bitwise ops while computing the secret key:
> mysecret &= 248;
> mysecret &= 127;
> mysecret |= 64;
> It’s not immediately apparent what the reason for this is and if it has any negative/positive impact. Would someone explain it to me?
>  http://cr.yp.to/ecdh.html
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
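
The two effects described in the reply above, as an added example that is not part of the original thread. The byte indices [0] and [31] follow the documentation at cr.yp.to/ecdh.html; the group of integers mod 89 is an assumed toy stand-in for the curve, chosen because its order 88 = 8 * 11 has the same cofactor-8 shape.

```c
#include <stdint.h>
#include <stdio.h>

/* Clamp a 32-byte little-endian secret; byte indices as in cr.yp.to/ecdh.html. */
void clamp(uint8_t s[32]) {
    s[0]  &= 248;  /* clear bits 0..2: scalar is a multiple of 8 */
    s[31] &= 127;  /* clear bit 255 */
    s[31] |= 64;   /* set bit 254: top set bit is always bit 254 */
}

/* Index of the highest set bit of the scalar, or -1 if it is zero. */
int highest_bit(const uint8_t s[32]) {
    for (int i = 255; i >= 0; i--)
        if (s[i / 8] & (1u << (i % 8))) return i;
    return -1;
}

/* Toy stand-in for the curve (assumption): integers mod 89 under
   multiplication form a group of order 88 = 8 * 11, cofactor 8 times a
   prime. Returns g^s mod 89 for the 256-bit little-endian scalar s. */
unsigned toy_pow(unsigned g, const uint8_t s[32]) {
    unsigned r = 1;
    for (int i = 255; i >= 0; i--) {
        r = (r * r) % 89;
        if (s[i / 8] & (1u << (i % 8))) r = (r * g) % 89;
    }
    return r;
}

/* 1 if s maps every element of order dividing 8 to the identity. */
int kills_small_subgroup(const uint8_t s[32]) {
    for (unsigned x = 1; x < 89; x++) {
        unsigned x8 = x;
        for (int k = 0; k < 3; k++) x8 = (x8 * x8) % 89;  /* x^8 */
        if (x8 == 1 && toy_pow(x, s) != 1) return 0;
    }
    return 1;
}

int main(void) {
    uint8_t s[32];
    for (int i = 0; i < 32; i++) s[i] = (uint8_t)(i * 37 + 5); /* constructed */
    printf("unclamped: small-order inputs killed = %d\n", kills_small_subgroup(s));
    clamp(s);
    printf("clamped: top bit = %d, small-order inputs killed = %d\n",
           highest_bit(s), kills_small_subgroup(s));
    return 0;
}
```

Because a clamped scalar is a multiple of 8, any input whose order divides 8 is sent to the identity, so the result carries no information about the secret.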