[cryptography] Curve25519 OID

Billy Brumley bbrumley at gmail.com
Mon Oct 7 13:40:06 EDT 2013


People seem to be mixing curve25519 as a function and curve25519 as a ...
well, curve (I prefer this).

The form Samuel gives is compatible with many standards. And of course it
can be used for digital signatures. Implementations can choose to transform
to and from the Montgomery form and benefit from all the implementation
slickness.

I suspect Dan wouldn't like this because, viewing curve25519 as just a
curve and in "standards compatible form", there's so many ways an
implementation would violate all that curve25519 as a function brings to
the table. I can expand on these horror scenarios, or just use your
imagination.

BBB


On Sun, Oct 6, 2013 at 3:13 PM, Samuel Neves <sneves at dei.uc.pt> wrote:

> On 06-10-2013 18:45, CodesInChaos wrote:
> > There are many details that are not clear to me. Typical Curve25519
> > usage deviates from typical NIST curve usage in several ways:
> >
> > 1. montgomery form, not weierstrass (conversion probably possible,
> > never looked into details)
>
> This is always possible. For curve25519, we have:
>
> y^2 = x^3 - 102314837768112 x + 398341948620716521344
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131007/c8f7c4d7/attachment-0001.html>


More information about the cryptography mailing list