On Thursday, May 23, 2019 3:54:08 PM PDT, Wim Lewis wrote:
> One motivation for putting this code into Hogweed is that the
> common curves (P-256, -384, -512) all have primes which allow
> using a simple shortcut for computing square roots instead of
> using a general algorithm. If this is true for P-192 and P-224
> as well (I haven't checked) then I can safely avoid writing the
> general algorithm at all. :)
Ah, sadly P-224 is an exception.
This document does have optimized square root algorithms for each of the
curves, including P-224:
https://apps.nsa.gov/iaarchive/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/mathematical-routines-for-the-nist-prime-elliptic-curves.cfm
and also references a paper by djb on efficiently computing square roots in
"annoying" prime fields such as P-224's.
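The shortcut discussed in the message above, as an added example that is not part of the original post or of Nettle's code: for a prime p ≡ 3 (mod 4) a square root is the single exponentiation a^((p+1)/4), while the P-224 prime is ≡ 1 (mod 4) and needs a general algorithm. Tonelli-Shanks is used here as that general algorithm (it is not the optimized P-224 routine from the linked document or the referenced paper); function names are illustrative, and the moduli are the NIST P-192/224/256/384/521 primes.

```python
# Added example: square roots modulo the NIST curve primes (names are illustrative).
PRIMES = {
    "P-192": 2**192 - 2**64 - 1,
    "P-224": 2**224 - 2**96 + 1,
    "P-256": 2**256 - 2**224 + 2**192 + 2**96 - 1,
    "P-384": 2**384 - 2**128 - 2**96 + 2**32 - 1,
    "P-521": 2**521 - 1,
}

def has_shortcut(p):
    """True when p ≡ 3 (mod 4), so sqrt(a) = a^((p+1)/4) mod p."""
    return p % 4 == 3

def split_two_power(n):
    """Write n = q * 2**s with q odd; returns (q, s)."""
    s = 0
    while n % 2 == 0:
        n, s = n // 2, s + 1
    return n, s

def sqrt_shortcut(a, p):
    """Square root for p ≡ 3 (mod 4); None if a is not a square."""
    r = pow(a, (p + 1) // 4, p)
    return r if r * r % p == a % p else None

def sqrt_tonelli_shanks(a, p):
    """General square root for any odd prime p; None if a is not a square."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:       # Euler's criterion
        return None
    q, s = split_two_power(p - 1)
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:  # find any non-residue
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                     # least i with t^(2^i) == 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r

def mod_sqrt(a, p):
    """Use the one-exponentiation shortcut when the prime allows it."""
    return sqrt_shortcut(a, p) if has_shortcut(p) else sqrt_tonelli_shanks(a, p)
```

For P-224, p - 1 = 2^96 · (2^128 - 1), so the inner loop can run up to 96 rounds, which is why that prime gets its own optimized routines.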