Hi Frank, My library supports hashing to the curve, as do Snowshoe [*] and Libelligator [+], and not much else that I’m aware of. Especially if you want it to be constant time and/or fast. I’d bet that some of the other fancy libraries like PBC and MIRACL have it though.
I somehow misread your original message as “hashing points”. Cheers, — Mike [*] https://github.com/catid/snowshoe <https://github.com/catid/snowshoe> by Christopher A Taylor It’s pretty fast and uses a 254-bit field. It doesn’t export point operations, but since it’s an Edwards curve it should be reasonably safe to use the internal APIs. [+] https://github.com/Yawning/libelligator <https://github.com/Yawning/libelligator> I found this by Googling. It looks to be based on Donna. > On Jun 18, 2015, at 11:01 AM, Frank Wang <[email protected]> wrote: > > Hi Mike, > > Well, I want a way to translate a n-bit message to a point on the curve. My > understanding is that it's easiest to hash it to the curve, but I could just > be confused. > > Does your library not support hashing to the curve? > > Frank > > On Thu, Jun 18, 2015 at 1:50 PM, Mike Hamburg <[email protected] > <mailto:[email protected]>> wrote: > Wait, do you want to hash messages to the curve, or just be able to hash > curve points? The former is kind of a niche feature, though you could > implement it yourself if the library doesn't support it. > > Sent from my phone. Please excuse brevity and typos. > > On Jun 18, 2015, at 10:38, Frank Wang <[email protected] > <mailto:[email protected]>> wrote: > >> Hi Thomas, >> >> Yes. Sorry, my goal right now is that I have a key revocation scheme that I >> want to implement, involving elliptic curve addition, subtraction, and >> scalar multiplication (as well as hashing messages to the curve). I would >> like reasonable performance (so C does seem good) because I'm benchmarking >> it against AES. However, I'm willing to trade off some performance for ease >> of use. >> >> TweetNacl seems to be designed primarily for ECDH and EC signatures rather >> than a general purpose elliptic curve library. I'm exploring alternatives. >> >> Frank >> >> On Thu, Jun 18, 2015 at 1:34 PM, Thomas DuBuisson >> <[email protected] <mailto:[email protected]>> wrote: >> Frank, >> A lot of recommendations are pouring in about C and Java libraries, on >> top of which I'm tempted to recommend my own in Cryptol or one of the >> Sage version out there, but none of us have heard about your actual >> goal and needs. Could you say more about how this code will be used >> and what you hope to achieve? >> >> Thomas >> >> On Wed, Jun 17, 2015 at 2:16 PM, Frank Wang <[email protected] >> <mailto:[email protected]>> wrote: >> > Hi, >> > >> > I am working on a research project at MIT, and I need to use elliptic >> > curves >> > (or a group where DDH is hard, but elliptic curves seem like the best way >> > to >> > go) to implement a cryptographic scheme. I've been trying to search for >> > general Curve25519 and Ed25519 libraries where I can just do add and scalar >> > multiply as well as hash messages to points. The best library I've come >> > across so far is tweetnacl, which has the add and scalar multiply operation >> > for Ed25519, but it's a bit difficult to use, and I end up modifying the >> > library to do subtraction of points. >> > >> > I have yet to find a good library that allows me to just do operations on >> > Ed25519 or Curve25519. Does such a library exist? If not, any tips on what >> > I >> > should do? Should I just use another curve library that is better >> > supported? >> > If so, any suggestions? >> > >> > Thanks, >> > Frank >> > >> > _______________________________________________ >> > Curves mailing list >> > [email protected] <mailto:[email protected]> >> > https://moderncrypto.org/mailman/listinfo/curves >> > <https://moderncrypto.org/mailman/listinfo/curves> >> > >> >> _______________________________________________ >> Curves mailing list >> [email protected] <mailto:[email protected]> >> https://moderncrypto.org/mailman/listinfo/curves >> <https://moderncrypto.org/mailman/listinfo/curves> >
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
