On 21/05/11 01:04, Sebastien Martini wrote:
From a practical point of view there is however something not really
handy with Schnorr's signature scheme, that is you can't call the sign
function with a hash of the message because the ephemeral public key
must be concataned to the message before
On 2011-05-21 9:12 AM, Paul Crowley wrote:
On 20/05/11 23:49, Nico Williams wrote:
What about using Shcnorr's signature scheme with ECDH? Here's DJB
talking about it in the context of his Curve25519, which uses the
discard-y point compression technique:
Usage of the word rolling is also trademarked and limited.
You forgot about wheels that do not roll. Can't use that either.
You may have found some people using wheels for rolling. They should be
frowned upon, given extra-intimate pat-downs, blackmailed, arrested anyway,
made fun of before
Dear Paul Crowley:
How about the Compact Representation, section 4.2, of RFC 6090:
http://www.rfc-editor.org/rfc/rfc6090.txt
Is that the same point compression that you were looking for?
Regards,
Zooko
___
cryptography mailing list
On Fri, May 20, 2011 at 5:40 PM, Paul Crowley p...@ciphergoth.org wrote:
On 20/05/11 23:14, Zooko O'Whielacronx wrote:
How about the Compact Representation, section 4.2, of RFC 6090:
http://www.rfc-editor.org/rfc/rfc6090.txt
Is that the same point compression that you were looking for?
On 20/05/11 23:49, Nico Williams wrote:
What about using Shcnorr's signature scheme with ECDH? Here's DJB
talking about it in the context of his Curve25519, which uses the
discard-y point compression technique:
http://www.derkeiler.com/Newsgroups/sci.crypt/2006-08/msg01621.html
This would
http://cr.yp.to/patents/us/6141420.html
Gives us the algorithm published in 1992
For elliptic curves expressed as
y^2+ y.x = x^3 + a.x^2 + b
For a given value of x, there are two possible values of y/x, differing
by 1.
Thus, to compress the point, represent it by the full value of x, and
On 2011-05-17 8:55 AM, David-Sarah Hopwood wrote:
On 03/05/11 19:59, Zooko O'Whielacronx wrote:
Have you seen DJB's Irrelevant patents on elliptic-curve cryptography
http://cr.yp.to/ecdh/patents.html
[...]
My Curve25519 software never computes y, so it is not covered by the
patent. It
On 03/05/11 19:59, Zooko O'Whielacronx wrote:
Have you seen DJB's Irrelevant patents on elliptic-curve cryptography
http://cr.yp.to/ecdh/patents.html
[...]
My Curve25519 software never computes y, so it is not covered by the
patent. It should, in any case, be obvious to the reader that a
