Thank you for sharing this, Mike. Looks like a great lib; quite a delight to find both Swift and Rust implementations.
- max
vault12 <https://vault12.com/>
blog <http://skibinsky.com/>
linkedin <http://bit.ly/max-li>

On Wed, May 31, 2017 at 1:21 AM, Michael Scott <mike.sc...@miracl.com> wrote:

> You might consider using Version 3 of our AMCL library
>
> https://github.com/miracl/amcl
>
> Includes a standard API for ECDSA, which requires the inverse calculation,
> so it should be easy to re-use that code.
>
> It supports multiple elliptic curves (all those mentioned here), and it's
> simple to switch from one curve to another.
>
> Also it's available in Go if that is what you like (and C, Rust, Java,
> Javascript and Swift).
>
> Mike Scott
>
> On Wed, May 31, 2017 at 1:27 AM, Max Skibinsky <m...@skibinsky.com> wrote:
>
>> My understanding of sphinx is that the user is constructing
>> hash(password, hash(password)^device_key) in such a way that the user
>> never sees device_key and the device never sees hash(password). That is
>> achieved by sending hash(password)^p with random p to the device/server,
>> which responds with hash(password)^(p*device_key), and then the user
>> calculates hash(password)^(p*device_key)^(1/p) = hash(password)^device_key
>> to get the final randomized password.
>>
>> Expanding on Alexey's question: which curves/libs currently support
>> calculation of the inverse (1/p) so that it is possible to restore
>> hash(password)^device_key? We ran into this issue exactly while
>> considering adding sphinx to our crypto relays (which are completely on
>> curve25519).
>>
>> - max
>> vault12 <https://vault12.com/>
>> blog <http://skibinsky.com/>
>> linkedin <http://bit.ly/max-li>
>>
>> On Tue, May 30, 2017 at 3:37 PM, Mike Hamburg <m...@shiftleft.org> wrote:
>>
>>> Is it enough to use 8*r and 8*(r^-1 mod q) for this protocol?
>>>
>>> If not, or if you can't prove it, you could always use my library at
>>>
>>> https://sourceforge.net/projects/ed448goldilocks/
>>>
>>> It gives a prime-order quotient group of Ed448 and Curve25519, and it
>>> implements Elligator and division mod q.
>>>
>>> — Mike
>>>
>>> On May 30, 2017, at 3:31 PM, Alexey Ermishkin <scratch....@gmail.com> wrote:
>>>
>>> Thanks for pointing out my mistakes and a very good explanation. I will
>>> continue to dig deeper.
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves
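An added worked example, not part of the thread above and not code from AMCL or ed448goldilocks: a pure-Python sketch of the SPHINX-style exchange Max describes, on Ed25519. It runs the blind / evaluate / unblind steps with r and r^-1 mod q in the prime-order subgroup, and separately checks Mike Hamburg's 8*r and 8*(r^-1 mod q) variant on a point that still carries a small-order component, confirming that the client ends up with [64k]P regardless of r. Assumptions: affine Edwards arithmetic (variable-time, illustration only), SHA-512 try-and-increment in place of Elligator for hashing to the curve, and hypothetical function names. The inverse Max asks about is ordinary modular arithmetic on scalars; what an X25519-style API gets in the way with is scalar clamping (RFC 7748 forces the low three bits of the scalar to zero and bit 254 to one), not the curve itself.

```python
# Added illustration (not from the thread, AMCL or ed448goldilocks): SPHINX-style
# blinded OPRF on Ed25519.  Affine, variable-time, try-and-increment hashing:
# good for understanding the protocol, not for production use.
import hashlib
import secrets

P_FIELD = 2**255 - 19                                     # field prime
Q_ORDER = 2**252 + 27742317777372353535851937790883648493   # prime order of the base-point subgroup
D_CONST = (-121665 * pow(121666, -1, P_FIELD)) % P_FIELD    # Edwards constant d
IDENTITY = (0, 1)                                         # neutral element


def point_add(P, Q):
    """Unified affine addition on -x^2 + y^2 = 1 + d x^2 y^2 (also used for doubling)."""
    x1, y1 = P
    x2, y2 = Q
    t = D_CONST * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, P_FIELD) % P_FIELD
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P_FIELD) % P_FIELD
    return (x3, y3)


def scalar_mul(k, P):
    """Double-and-add [k]P; k is used as given, not reduced mod q."""
    R = IDENTITY
    while k > 0:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R


def recover_x(y):
    """x with (x, y) on the curve, or None if no such point; square root for p = 5 mod 8."""
    x2 = (y * y - 1) * pow(D_CONST * y * y + 1, -1, P_FIELD) % P_FIELD
    x = pow(x2, (P_FIELD + 3) // 8, P_FIELD)
    if (x * x - x2) % P_FIELD != 0:
        x = x * pow(2, (P_FIELD - 1) // 4, P_FIELD) % P_FIELD   # times sqrt(-1)
    return x if (x * x - x2) % P_FIELD == 0 else None


def hash_to_curve_raw(msg, ctr=0):
    """Try-and-increment (stand-in for Elligator): returns (point, ctr). The point has
    order dividing 8*q, so it may still carry a small-order component."""
    while True:
        h = hashlib.sha512(msg + ctr.to_bytes(4, "big")).digest()
        y = int.from_bytes(h[:32], "little") % P_FIELD
        x = recover_x(y)
        if x is not None:
            if (h[32] & 1) != (x & 1):          # a hash bit picks the sign of x
                x = P_FIELD - x
            return (x, y), ctr
        ctr += 1


def hash_to_curve(pw):
    """H(pw) of prime order q, with unknown discrete log.  That matters: if H(pw) = [h]B
    for a known h, one device answer [k]H(pw) would give away [k]B and so the whole
    function, i.e. an offline dictionary attack."""
    raw, ctr = hash_to_curve_raw(pw)
    P = scalar_mul(8, raw)                       # clear the cofactor
    while P == IDENTITY:                         # practically never, but keep the invariant
        raw, ctr = hash_to_curve_raw(pw, ctr + 1)
        P = scalar_mul(8, raw)
    return P


def small_order_point(seed=b"torsion"):
    """A non-identity point of order dividing 8, obtained as [q]T for a hashed curve point T."""
    ctr = 0
    while True:
        raw, ctr = hash_to_curve_raw(seed, ctr)
        T = scalar_mul(Q_ORDER, raw)
        if T != IDENTITY:
            return T
        ctr += 1


def blind(pw):
    """Client step 1: random r in [1, q-1]; send [r]H(pw), which is uniform in the subgroup."""
    r = secrets.randbelow(Q_ORDER - 1) + 1
    return r, scalar_mul(r, hash_to_curve(pw))


def evaluate(k, B):
    """Device step: apply the device key to whatever point arrived."""
    return scalar_mul(k, B)


def unblind(r, C):
    """Client step 2: [r^-1 mod q]C = [k]H(pw), valid because both points have order q."""
    return scalar_mul(pow(r, -1, Q_ORDER), C)


def oprf_roundtrip(pw, k):
    """Return (protocol output, directly computed [k]H(pw)); the two must agree."""
    r, B = blind(pw)
    return unblind(r, evaluate(k, B)), scalar_mul(k, hash_to_curve(pw))


def cofactor_roundtrip(P, k):
    """Hamburg's variant: blind with 8*r, unblind with 8*(r^-1 mod q).  Since r*r^-1 = 1 + m*q,
    the combined scalar is 64*k + 64*k*m*q; the second term kills the order-q part (factor q)
    and any small-order part (factor 64), so the result is [64k]P for any r, torsion or not."""
    r = secrets.randbelow(Q_ORDER - 1) + 1
    C = evaluate(k, scalar_mul(8 * r, P))
    return scalar_mul(8 * pow(r, -1, Q_ORDER), C), scalar_mul(64 * k, P)
```

Runs as-is on Python 3.8+ (for pow(x, -1, m)). Each roundtrip function returns both the protocol result and the value computed directly with the device key, so a reader can compare them; with a plain r / r^-1 pair on a point that still has a small-order component the outputs would instead depend on r.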