Some curves have parameters that have particular properties that allow for certain kinds of optimizations that don’t work for general parameters.
For example, to do general modular arithmetic you need to compute remainders, which means you need to do divisions, which are expensive. But if you are doing modular arithmetic modulo a prime P that is of the form 2^N-k where k is small, then there’s a trick that lets you compute remainders mod P without having to divide by P. This is why curve25519 is called what it is. N=255 and k=19. (The trick, in case you’re wondering, is this: to reduce a number M mod P where P=2^N+k, let M1=M/(2^N) and M2=M mod (2^N), i.e. M1 is M right-shifted N bits and M2 is the N least significant bits of M. Then M mod P = (M2 + M1*k) mod P. Obviously this is only a win when k is small.)

On Jun 18, 2015, at 10:05 AM, Ray Dillinger <[email protected]> wrote:

> I may be ignorant here but I'm wondering why adding support for
> a different curve is such a big deal for all these libraries and
> programs.
>
> Isn't a curve just a block of static parameters which some
> generic ECC code can work on? Why isn't adding a curve just a
> matter of defining a data block?
>
> Bear
>
> _______________________________________________
> Curves mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/curves
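Added example, not part of the original message or of any library's code: the shift-and-fold reduction described above, written for the 2^N-k form with N=255 and k=19, where 2^N is congruent to k mod P. The function names are made up for this sketch, and Python integers stand in for the fixed-size limbs a real implementation would use.

```python
# Division-free reduction modulo a prime of the form P = 2^N - k (k small).
# Illustrative only: Python big integers and a data-dependent loop are not
# constant-time; production code uses fixed limbs and a fixed number of folds.

N = 255
K = 19
P = (1 << N) - K  # 2^255 - 19, the curve25519 field prime


def fold(m, n=N, k=K):
    """One folding step: m = m1*2^n + m2, and 2^n == k (mod 2^n - k),
    so m is congruent to m2 + m1*k. Only a shift, a mask and a small multiply."""
    m1 = m >> n                # M right-shifted n bits
    m2 = m & ((1 << n) - 1)    # the n least significant bits of M
    return m2 + m1 * k


def reduce_mod_p(m, n=N, k=K):
    """Return (m mod (2^n - k), number_of_folds) without dividing by the modulus."""
    if m < 0:
        raise ValueError("expects a non-negative integer")
    p = (1 << n) - k
    folds = 0
    # Each fold removes m1 * p from m, so the value strictly shrinks
    # until it fits in n bits.
    while m >> n:
        m = fold(m, n, k)
        folds += 1
    # Now 0 <= m < 2^n. Values in [p, 2^n) still need one subtraction;
    # forgetting this leaves a non-canonical result for k of the inputs.
    if m >= p:
        m -= p
    return m, folds


def field_mul(a, b):
    """Multiply two field elements and reduce the up-to-510-bit product."""
    return reduce_mod_p(a * b)[0]


if __name__ == "__main__":
    # Constructed sample inputs, including the edge cases around 2^N and P.
    for m in (0, P - 1, P, P + 1, (1 << N) - 1, 1 << N, (P - 1) ** 2):
        value, folds = reduce_mod_p(m)
        print(f"{m.bit_length():3d}-bit input: folds={folds} ok={value == m % P}")
```

For a product of two reduced field elements the loop runs at most three times, which is why fixed-size implementations can unroll it.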
