[cryptography] Curve25519 OID (was: Re: the spell is broken)
codesinchaos at gmail.com
Sun Oct 6 13:45:44 EDT 2013
There are many details that are not clear to me. Typical Curve25519 usage
deviates from typical NIST curve usage in several ways:
1. montgomery form, not weierstrass (conversion probably possible, never
looked into details)
2. custom serialization format for public keys (32 bytes little endian,
reduced mod 2^255-19, no DER/BER)
3. x-coordinate only public keys
4. x-coordinate only shared secrets
5. custom serialization format for shared secrets (32 bytes little endian,
6. shared secret hashed with HSalsa
Which of those particularities does this OID include?
A related question: Why not drop montgomery form Curve25519 entirely in
favor of Edwards form?
In my own programs I use Edwards form for all public keys, including those
used for key-exchange.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography