Thanks a lot Trevor, this was a great write up. One more question
On Nov 7, 2016, at 12:51 AM, Trevor Perrin <tr...@trevp.net<mailto:tr...@trevp.net>> wrote: However, cofactor>1 can still have subtle and unexpected effects, e.g. see security considerations about "equivalent" public keys in RFC 7748, which is relevant to the cofactor multiplication "cV" in VXEdDSA, or including DH public keys into "AD" in Signal's (recently published) X3DH [3]. may you shed some more light about this? What is the algorithm to find and “equivalent” public key? regards antonio
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves