Re: checking ECC point at infinity

2020-07-20 Thread Daiki Ueno
ni...@lysator.liu.se (Niels Möller) writes:

> I think the point multiplication functions were written under the
> assumption that the scalar should be less than the group order.
> Docs could perhaps be improved on that.
>
> But I don't know now exactly how it fails. It's good you get the

Re: checking ECC point at infinity

2020-07-20 Thread Niels Möller
Daiki Ueno writes:

> It seems that it is not possible to implement this check with
> Nettle's public API. The attached patch naively multiplies Q by n but
> it causes the valgrind errors below.

I think the point multiplication functions were written under the assumption that the scalar

checking ECC point at infinity

2020-07-19 Thread Daiki Ueno
Hello,

SP800-56A (revision 3) section 5.6.2.3.3 now mandates a check that the generated public key (Q) multiplied by the curve order (n) results in an identity element (= an infinity point). It seems that it is not possible to implement this check with Nettle's public API. The attached patch