On Sun, February 2, 2014 19:52, Michael Hamburg wrote: > I was referring to the Weierstrass form with this comment, not the prime > shape. I agree with Robert and Watson from a few posts ago (and, it seems, > with you) that its dangerous to try to reuse Weierstrass implementations with > new curves, because theyll have the problems of the old ones (incomplete > formulas) and the new (cofactors), and possibly worse ones from the > combination (cofactors leading to corner cases).
Ah, OK, now I get it. Yes, I too deem reusing Weierstrass implementations a poor idea to say the least. One additional but minor point against such a reuse is that it will be usually worthless anyway without implementing the birational map to Edwards or Montgomery (the x-coordinate usually adopted in protocols is meaningless per se, and mus be coupled to a curve model). Existing Weierstrass implementations alone are not an off-the-shelf workaround for other curve models. Cheers, Paulo. _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
