[cryptography] Curve25519 OID (was: Re: the spell is broken)

CodesInChaos codesinchaos at gmail.com
Sun Oct 6 13:45:44 EDT 2013

There are many details that are not clear to me. Typical Curve25519 usage
deviates from typical NIST curve usage in several ways:

1. montgomery form, not weierstrass (conversion probably possible, never
looked into details)
2. custom serialization format for public keys (32 bytes little endian,
reduced mod 2^255-19, no DER/BER)
3. x-coordinate only public keys
4. x-coordinate only shared secrets
5. custom serialization format for shared secrets (32 bytes little endian,
6. shared secret hashed with HSalsa

Which of those particularities does this OID include?


A related question: Why not drop montgomery form Curve25519 entirely in
favor of Edwards form?
In my own programs I use Edwards form for all public keys, including those
used for key-exchange.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131006/15e6500b/attachment.html>

More information about the cryptography mailing list