On Wed, Jan 29, 2020 at 7:35 AM Trevor Perrin <tr...@trevp.net> wrote: > Some time I'll write a sequel to the "Generalizing EdDSA" post that > generalizes further and tries to fold in more of these emerging "best > practices". >
I'm very interested in that! I also wonder about Ed448 / Ed25519ph / Ed25519ctx which have some constant inputs when generating the nonce. Does that interfere when trying to protect against DPA attacks? (I've asked about this in https://crypto.stackexchange.com/questions/77260/protecting-ed448-against-dpa-and-fault-attacks , maybe I should ask here?) Conrado _______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves