Hi all, I had a question about the scalar decompositions in FourQ and I was not sure on who to ask. I hope that it is not out of place for this mailing list. I wanted to avoid implementing the scalar decomposition logic for a low-resource implementation. I was wondering if it is secure to directly select the decomposed scalar as 4 random 64-bit numbers when running DH on FourQ? I know for example that this is true in the context of \tau-adic expansions for Koblitz curves where we can pick a random \tau-NAF directly instead of implementing a converter.
-- Chiraag
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves