Hi Frank,

My library supports hashing to the curve, as do Snowshoe [*] and Libelligator 
[+], and not much else that I’m aware of.  Especially if you want it to be 
constant time and/or fast.  I’d bet that some of the other fancy libraries like 
PBC and MIRACL have it though.

I somehow misread your original message as “hashing points”.

Cheers,
— Mike

[*] https://github.com/catid/snowshoe <https://github.com/catid/snowshoe> by 
Christopher A Taylor

It’s pretty fast and uses a 254-bit field.  It doesn’t export point operations, 
but since it’s an Edwards curve it should be reasonably safe to use the 
internal APIs.

[+] https://github.com/Yawning/libelligator 
<https://github.com/Yawning/libelligator>

I found this by Googling.  It looks to be based on Donna.

> On Jun 18, 2015, at 11:01 AM, Frank Wang <[email protected]> wrote:
> 
> Hi Mike, 
> 
> Well, I want a way to translate a n-bit message to a point on the curve. My 
> understanding is that it's easiest to hash it to the curve, but I could just 
> be confused. 
> 
> Does your library not support hashing to the curve?
> 
> Frank
> 
> On Thu, Jun 18, 2015 at 1:50 PM, Mike Hamburg <[email protected] 
> <mailto:[email protected]>> wrote:
> Wait, do you want to hash messages to the curve, or just be able to hash 
> curve points?  The former is kind of a niche feature, though you could 
> implement it yourself if the library doesn't support it. 
> 
> Sent from my phone.  Please excuse brevity and typos.
> 
> On Jun 18, 2015, at 10:38, Frank Wang <[email protected] 
> <mailto:[email protected]>> wrote:
> 
>> Hi Thomas,
>> 
>> Yes. Sorry, my goal right now is that I have a key revocation scheme that I 
>> want to implement, involving elliptic curve addition, subtraction, and 
>> scalar multiplication (as well as hashing messages to the curve). I would 
>> like reasonable performance (so C does seem good) because I'm benchmarking 
>> it against AES. However, I'm willing to trade off some performance for ease 
>> of use.
>> 
>> TweetNacl seems to be designed primarily for ECDH and EC signatures rather 
>> than a general purpose elliptic curve library. I'm exploring alternatives.
>> 
>> Frank
>> 
>> On Thu, Jun 18, 2015 at 1:34 PM, Thomas DuBuisson 
>> <[email protected] <mailto:[email protected]>> wrote:
>> Frank,
>> A lot of recommendations are pouring in about C and Java libraries, on
>> top of which I'm tempted to recommend my own in Cryptol or one of the
>> Sage version out there, but none of us have heard about your actual
>> goal and needs.  Could you say more about how this code will be used
>> and what you hope to achieve?
>> 
>> Thomas
>> 
>> On Wed, Jun 17, 2015 at 2:16 PM, Frank Wang <[email protected] 
>> <mailto:[email protected]>> wrote:
>> > Hi,
>> >
>> > I am working on a research project at MIT, and I need to use elliptic 
>> > curves
>> > (or a group where DDH is hard, but elliptic curves seem like the best way 
>> > to
>> > go) to implement a cryptographic scheme. I've been trying to search for
>> > general Curve25519 and Ed25519 libraries where I can just do add and scalar
>> > multiply as well as hash messages to points. The best library I've come
>> > across so far is tweetnacl, which has the add and scalar multiply operation
>> > for Ed25519, but it's a bit difficult to use, and I end up modifying the
>> > library to do subtraction of points.
>> >
>> > I have yet to find a good library that allows me to just do operations on
>> > Ed25519 or Curve25519. Does such a library exist? If not, any tips on what 
>> > I
>> > should do? Should I just use another curve library that is better 
>> > supported?
>> > If so, any suggestions?
>> >
>> > Thanks,
>> > Frank
>> >
>> > _______________________________________________
>> > Curves mailing list
>> > [email protected] <mailto:[email protected]>
>> > https://moderncrypto.org/mailman/listinfo/curves 
>> > <https://moderncrypto.org/mailman/listinfo/curves>
>> >
>> 
>> _______________________________________________
>> Curves mailing list
>> [email protected] <mailto:[email protected]>
>> https://moderncrypto.org/mailman/listinfo/curves 
>> <https://moderncrypto.org/mailman/listinfo/curves>
> 

_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves

Reply via email to