Hello Van Gegel,
You must select sign(v), the sign of the square root, and bit 255 all at
random, and the point can’t be confined to a subgroup of curve25519.
But also, this is for a PAKE right? I thought you were implementing a
two-point EKE to avoid Elligator. If you’re implementing
Hello, Messaging!
I'm trying to adapt Elligator2 p2r() to the uNaCl X25519 library for embedded
systems.
The original p2r() uses the sign(v) to select between sqrt(-u/(2(u+A))) and
sqrt(-(u+A)/(2u))) .
But X25519 point has no v ( sign(v) is always assumed to be 0 ).
Can I use sign(v)=0 or
