You might consider using Version3 of our AMCL library https://github.com/miracl/amcl

Includes a standard API for ECDSA, which requires the inverse calculation, so should be easy to re-use that code.

It supports multiple elliptic curves (all those mentioned here), and it's simple to switch from one curve to another.

Also it's available in Go if that is what you like (and C, Rust, Java, Javascript and Swift).

Mike Scott

On Wed, May 31, 2017 at 1:27 AM, Max Skibinsky <m...@skibinsky.com> wrote:

> my understanding of sphinx is that user is constructing
> *hash(password, hash(password)^device_key)* in such a way that user never
> sees *device_key* and device never sees *hash(password)*. That is achieved
> by sending *hash(password)^p* with random *p* to device/server, which
> responds with *hash(password)^(p*device_key)* and then user calculates
> *hash(password)^(p*device_key)^1/p = hash(password)^device_key* to get
> final randomized password.
>
> Expanding on Alexey's question: which curves/libs currently support
> calculations of inverse (1/p) so that it is possible to restore
> *hash(password)^device_key*? We run into this issue exactly while
> considering adding sphinx to our crypto relays (which are completely on
> curve25519)
>
> -
> max
> vault12 <https://vault12.com/>
> blog <http://skibinsky.com/>
> linkedin <http://bit.ly/max-li>
>
> On Tue, May 30, 2017 at 3:37 PM, Mike Hamburg <m...@shiftleft.org> wrote:
>
>> Is it enough to use 8*r and 8*(r^-1 mod q) for this protocol?
>>
>> If not, or if you can’t prove it, you could always use my library at
>>
>> https://sourceforge.net/projects/ed448goldilocks/
>>
>> It gives a prime-order quotient group of Ed448 and Curve25519, and it
>> implements Elligator and division mod q.
>>
>> — Mike
>>
>>
>> On May 30, 2017, at 3:31 PM, Alexey Ermishkin <scratch....@gmail.com>
>> wrote:
>>
>> Thanks for pointing out my mistakes and a very good explanation. I will
>> continue to dig deeper
>>
>> _______________________________________________
>> Curves mailing list
>> Curves@moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/curves
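
The blind / evaluate / unblind exchange described in the quoted message, as an added example that is not part of the original thread and not code from AMCL or any library named in it. It uses a constructed toy group (the squares modulo the safe prime 2039) standing in for an elliptic curve; r is the random exponent the message calls p, and all function names are assumptions.

```python
# Added example (not from the thread): SPHINX-style blind / evaluate / unblind
# in a toy prime-order group. All names and parameters are assumptions.
import hashlib
import secrets

# Constructed toy parameters: P = 2*Q + 1 is a safe prime, so the squares
# mod P form a subgroup of prime order Q. Far too small for real use.
P = 2039
Q = 1019


def hash_to_group(password: bytes) -> int:
    """Map a password to an element of the order-Q subgroup (a square mod P)."""
    x = int.from_bytes(hashlib.sha256(password).digest(), "big") % (P - 1) + 1
    return pow(x, 2, P)  # squaring clears the cofactor 2


def blind(element: int, r: int) -> int:
    """User side: hash(password)^r, hiding hash(password) from the device."""
    return pow(element, r, P)


def device_evaluate(blinded: int, device_key: int) -> int:
    """Device side: raise whatever arrives to device_key."""
    return pow(blinded, device_key, P)


def unblind(response: int, r: int) -> int:
    """User side: exponentiate by 1/r mod Q (the inverse asked about above)."""
    r_inv = pow(r, -1, Q)  # modular inverse, Python 3.8+
    return pow(response, r_inv, P)


def sphinx_round(password: bytes, device_key: int, r=None) -> int:
    """Run one exchange and return hash(password)^device_key."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1  # random r in [1, Q-1]
    h = hash_to_group(password)
    return unblind(device_evaluate(blind(h, r), device_key), r)


def final_password(password: bytes, device_key: int) -> str:
    """hash(password, hash(password)^device_key) as hex."""
    rwd = sphinx_round(password, device_key)
    return hashlib.sha256(password + rwd.to_bytes(2, "big")).hexdigest()
```

Unblinding with 1/r mod Q only recovers hash(password)^device_key when the hashed element lies in the order-Q subgroup, which is why hash_to_group squares its output.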