[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cfrg
Subject:    [Cfrg] Change of point formats
From:       Watson Ladd <watsonbladd () gmail ! com>
Date:       2014-01-23 6:56:20
Message-ID: CACsn0cme1zn9ntHOOseF+be+LyvbwCRFu6Cbv2XmVmtN-k4cZQ () mail ! gmail ! com
[Download RAW message or body]

Dear all,
After thinking about it for a while, I discovered an argument that
changed my opinion about point formats. Robert Ransom's suggestion to
use a sign for an Edwards x and send the body of a Montgomery x is
much better then it looks like at first.

The argument is as follows: right now the proposed format forces a
protocol to decide whether a point will be used in addition or not.
For most applications this is perfectly fine, and the efficiency
considerations mitigate against Robert Ransom's proposal.

But there is one application for which this is not ideal: Tor. The Tor
developers would love to smuggle in a point that can be added in the
place where one that cannot lives. Add to it the possibility of using
one implementation for everything, and I see a lot of value in this
idea.

Supporting this proposal involves some dramatic changes to the draft.
For one thing Montgomery form with reciprocals of small integers will
have to be introduced. Several curves (and I don't know which yet)
will have to vanish because they are not amenable to this trick.

I'm also considering adding the Elligator map, given its usefulness
when uniform representations are required.

Anyway, several more days, possibly even a few weekends before the
next version comes out.

Sincerely,
Watson Ladd

[prev in list] [next in list] [prev in thread] [next in thread]