On 6/6/14, CodesInChaos <[email protected]> wrote: > If you want to convince Curve25519 implementations to switch to > ignoring the last bit, convincing the NaCl authors is really > important. I expect most libraries to value compatibility with NaCl > more highly than the advantages of an ignored bit. My impression is > that where NaCl leads the other implementations follow.
NaCl (as of nacl-20110221) is inconsistent with itself. The ‘ref’ implementation treats the high bit as part of an integer, while the ‘donna_c64’ implementation ignores the high bit. The ‘athlon’ implementation is an assembly-language blob, but the Tor folks tested it and found that it also ignores the high bit. Robert Ransom _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
