Michael Rogers (at Monday, January 13, 2014, 12:13:44 PM): >> unlucky curves lead to an implementation nightmare
> If I'm stuck with an 'unlucky' curve for > reasons of compatibility, can you give me any advice about checking > the implementation for the problems you mention absolutely not, because i just talk the talk, but don't walk the walk. you probably know more about those pitfalls than i do. i'm a math dummy. what i know is that there are special cases, like adding P to P, P to -P, adding 0 or 1, or adding any "negative" (whatever that means) elements. i don't know how many such special cases exist. i also don't know how many of these are covered by a certain ladder. some of these special additions will never occur in real world scenarios (why would you add 1?), so testing won't reveal them. but what happens if an attacker can force such a scenario? so i fear you need to find a better aid than me. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
