Re: [curves] Fwd: Re: Fw: Aw: SPEKE using Curve25519 - elligator2 required or recommended?

2017-10-25 Thread Gregory Maxwell
On Wed, Oct 25, 2017 at 8:39 PM, Andy Isaacson wrote:
> I'd like to understand this attack better (the description above is
> pretty surprising to me), is there a canonical treatment or a phrase I
> should look up in the literature?
I don't know if there is a standard term

Re: [curves] Ed25519 "clamping" and its effect on hierarchical key derivation

2017-03-06 Thread Gregory Maxwell
On Mon, Mar 6, 2017 at 7:36 PM, Tony Arcieri wrote:
> Ed25519 performs the following operations on private scalars immediately
> prior to use:
I assume the bytes of the scalar here are written least significant first; otherwise I can't make sense of your message.
> scalar[0]

Re: [curves] libsecp256k1's novel(?) ECDSA verification optimization

2016-03-23 Thread Gregory Maxwell
On Wed, Mar 23, 2016 at 12:16 PM, Brian Smith wrote:
> Hi,
>
> [I am not sure if boring topics like ECDSA are appropriate for this list. I
> hope this is interesting enough.]
It's no less useful for Schnorr (just even more obvious there), and in that case it permits a

Re: [curves] pure-python Ed25519 library for review

2015-04-07 Thread Gregory Maxwell
On Tue, Apr 7, 2015 at 6:55 PM, Brian Warner war...@lothar.com wrote: Of course it's very much not constant-time, and a lot slower than a C implementation. But a pure-python library is, in practice, much easier to depend upon than one that requires a C compiler. I applaud you for seeking