As far as other curves go, there is also my Decaf library for Ed448-Goldilocks:
http://sourceforge.net/p/ed448goldilocks/code/ci/decaf/tree/ <http://sourceforge.net/p/ed448goldilocks/code/ci/decaf/tree/> It includes a C++ header with overloaded arithmetic operations, so you can do all the arithmetic operations you might expect: Scalar +-*/= Scalar Point +-= Point Point */ Scalar, Scalar * Point Precompute point, precomputed point */ scalar Constant or variable-time double scalarmul Convert point to a string and back Hash uniformly or non-uniformly to the curve Steganographically encode point on curve The code implements a prime-order group, so you don’t have to worry about cofactor. All the operations are constant-time except variable-time double-scalar-mul (i.e. verify), and steg encoding (which succeeds with probability 1/2 on each iteration). The library also includes an implementation of SHA3 and SHAKE, but you can glue it to your favorite hash function instead. I can’t guarantee that the code is 100% stable, but it should be plenty for research use. Most of the guts are generic, so it shouldn’t be too hard to point to other curves, especially curves over 3-mod-4 fields with cofactor exactly 4. (I.e. you could try porting to Curve25519, but it’d be trickier than porting to a curve mod 2^251-9 or the MS NUMS curves.) Cheers, — Mike > On Jun 17, 2015, at 2:16 PM, Frank Wang <[email protected]> wrote: > > Hi, > > I am working on a research project at MIT, and I need to use elliptic curves > (or a group where DDH is hard, but elliptic curves seem like the best way to > go) to implement a cryptographic scheme. I've been trying to search for > general Curve25519 and Ed25519 libraries where I can just do add and scalar > multiply as well as hash messages to points. The best library I've come > across so far is tweetnacl, which has the add and scalar multiply operation > for Ed25519, but it's a bit difficult to use, and I end up modifying the > library to do subtraction of points. > > I have yet to find a good library that allows me to just do operations on > Ed25519 or Curve25519. Does such a library exist? If not, any tips on what I > should do? Should I just use another curve library that is better supported? > If so, any suggestions? > > Thanks, > Frank > _______________________________________________ > Curves mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/curves
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
