Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Viktor Dukhovni
> On Sep 4, 2018, at 12:10 PM, Michael Richardson wrote:
>
> My understanding is that you need x and y to do the computation.
> (And I observe this in code)

The Y coordinate is not needed for X25519 and X448 Diffie-Hellman key agreement, these operate on the X (sometimes called "u") coordinate

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Michael Richardson
Robert Moskowitz wrote:
> A curve point needs an x and a y.  But do you need the y for the
> computation.  Do you only need its sign?  I don't know.  I am not a
> mathematician.

My understanding is that you need x and y to do the computation. (And I observe this in code) However,

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Viktor Dukhovni
With curve25519, the scalar multiplication function: (x, y) -> n * (x, y) = (x', y') -> x' has the property that for valid points on the extended curve (degree two extension of F(p) that gives a y for every x in F(p)), x' depends only on x, and can be effectively computed from x alone, and

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Jakob Bohm
On 04/09/2018 16:24, Robert Moskowitz wrote:
> My source is Dr. Lange at the IETF meeting in Toronto when the IETF selected EC25519. A curve point needs an x and a y.  But do you need the y for the computation.  Do you only need its sign?  I don't know.  I am not a mathematician. I may have

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Robert Moskowitz
My source is Dr. Lange at the IETF meeting in Toronto when the IETF selected EC25519. A curve point needs an x and a y.  But do you need the y for the computation.  Do you only need its sign?  I don't know.  I am not a mathematician. I may have misunderstood her at the time. On 09/04/2018

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Jakob Bohm
On 04/09/2018 15:43, Robert Moskowitz wrote:
> And I seem to recall that one bit is for compact representation. That is, is y positive or negative.  With p256, you have to transmit x and y or deal with the compact representation patent.

Not sure if this applies to X25519 and Ed255 which use

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Robert Moskowitz
And I seem to recall that one bit is for compact representation. That is, is y positive or negative.  With p256, you have to transmit x and y or deal with the compact representation patent.

On 09/04/2018 08:00 AM, Kyle Hamilton wrote:
> Probably because the definition of X25519 requires that

Re: [openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-04 Thread Kyle Hamilton
Probably because the definition of X25519 requires that bits 0, 1, and 2 of the first byte of the private key are set to 0 before being used, and OpenSSL counts the number of bits including the highest-order set bit. (Really, there's an additional 2 bits that are also set to known values: bit 6 of

[openssl-users] X25519 - why openssl shows server temp key as 253 bits?

2018-09-03 Thread M K Saravanan
Hi,

When using openssl with X25519, why does it show the server temp key as 253 bits?

Example:

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---

I thought Curve25519 is using 256 bit keys. Why 253 instead of 256?