https://www.ietf.org/mail-archive/web/cfrg/current/msg05619.html
-- Thomas Ptacek 312-231-7805 On April 1, 2016 at 12:37:30 PM, Ron Garret (r...@flownet.com) wrote: One of the motivations for using curve25519 is supposedly its transparency in terms of not having any weird parameters of unknown provenance that could conceal weaknesses. But there is one weird number in the curve25519 spec, the coefficient of x^2, which is 486662. That number seems to have been pulled out of a hat. The only condition on it is that A^2-4 is not a square in 2^255-19. But 486662 is far from the smallest number that meets that conditions. That would be (AFAICT) 5. So why 486662? rg _______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves
