On Sat, Mar 25, 2017 at 12:49 PM, Chiraag Juvekar <chiraag.juve...@gmail.com> wrote:
> Hi all,
>
> I had a question about the scalar decompositions in FourQ and I was not sure
> on who to ask. I hope that it is not out of place for this mailing list. I
> wanted to avoid implementing the scalar decomposition logic for a
> low-resource implementation. I was wondering if it is secure to directly
> select the decomposed scalar as 4 random 64-bit numbers when running DH on
> FourQ? I know for example that this is true in the context of \tau-adic
> expansions for Koblitz curves where we can pick a random \tau-NAF directly
> instead of implementing a converter.

For DH this should be fine. It isn't for signatures.

> --
> Chiraag
>
> _______________________________________________
> Curves mailing list
> Curves@moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves

--
"Man is born free, but everywhere he is in chains".
--Rousseau.