On Mon, Dec 8, 2014 at 2:07 PM, Mike Hamburg <[email protected]> wrote: > Hi curves, > > Here is another try at a unified point compression system.
So why is this better than just using the Montgomery x-coordinate, plus the Edwards sign bit, for a "unified format"? People have a lot of experience and code for dealing with Montgomery x in the case of Curve25519, so it would make sense to leverage that. This format can be decompressed into Edwards form with very small efficiency loss (a few percent). So these public keys could be used with Ed25519 or similar signature algorithms easily. And for ECDH you can ignore the bit and just do the Montgomery ladder, so this is of course very efficient there. I'm biased because TextSecure essentially does this, but I'm not sold on the merits of your more complicated encodings yet. Trevor _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
