[cryptography] Point compression prior art?
James A. Donald
jamesd at echeque.com
Sat May 21 07:17:12 EDT 2011
On 2011-05-21 9:12 AM, Paul Crowley wrote:
> On 20/05/11 23:49, Nico Williams wrote:
>> What about using Shcnorr's signature scheme with ECDH? Here's DJB
>> talking about it in the context of his Curve25519, which uses the
>> discard-y point compression technique:
>> This would seem adequate to me, and should result in small signatures.
> I don't see how "discard y" works here. It works for DH because x(±yB) =
> ±xyB = y(±xB). But for Schnorr the verifier needs sB-rnB and sB-rnB !=
> sB-r(-nB). I guess it wouldn't be too expensive to try both - any
> opinions on the patent status of that?
I believe that the wheel is patented, as is the idea of trying to get
around the patent by using something other than a wheel for the sort of
purposes a wheel might be used for. Should someone ever figure how to
make something other than a wheel roll, the idea of rolling non wheels
is also patented.
More information about the cryptography