It appears Ofek got the help he needed here. https://github.com/pyca/cryptography/pull/3287
On Sat, Dec 3, 2016 at 6:08 PM Ofek Lev <[email protected]> wrote: > I understand for prime curves it is just `bytes(0x02 + flag) + bytes(x)` > where flag is the LSB of y. For the F2m curves I cannot make out how to do > it. > > IEEE P1363 > <http://grouper.ieee.org/groups/1363/IBC/material/P1363.3-D1-200805.pdf%20section%205.6.6.1.2> > section > 5.6.6.1.2 appears to say flag is '1 if y of point > y of inverse point else > 0' which I think just means `if y > x`. > > these slides > <http://cs.ucsb.edu/~koc/ccs130h/projects/03-ecc-protocols/Julio_Slides.pdf> > (slide > 15) by Julio Lopez and Ricardo Dahab appear to suggest my interpretation of > the IEEE method is off (I think). > > http://www.secg.org/sec1-v2.pdf > <http://www.secg.org/sec1-v2.pdf%20section%202.3.3%20part%202.2.2> (which > I think is the standard reference) section 2.3.3 part 2.2.2 has yet another > notation that I do not understand. > > I was told there are multiple ways. Can someone please explain the most > *standard* (or easiest) way requiring size m + 1, preferably from a > programmer's perspective? This math is beyond me :) > > Any insight would be greatly appreciated. > _______________________________________________ > Curves mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/curves >
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
