Hi,
my name is Nikolas Rösener - I am a student at the Universität Bremen
currently writing my master's thesis on the topic of the performance of
curve model transformations.
In my opinion draft-struik-lwig-curve-representations-02 already
presents a great summary of the possible transformations for the
Curve25519-family of curves. I implemented the transformations in two
different libraries, as part of my performance evaluation, and had no
problems following the formulae in the draft.
In retrospect, I found that the following additional information would
have been very useful if I had attempted to implement the
transformations as part of a serious cryptographic primitive:
- Test Vectors
- Recommendations for (the relevance of) dealing with the special
cases (point-at-infinity etc.)
- Usages with co-factor Diffie-Hellman (NIST SP 800-56A)
- Usages with ECDSA (FIPS Pub 186-4)
I had some further discussions with Rene on topics related to
retrofitting existing implementations with conversions (doing generic
modular reduction, providing transformation formulae for different
point formats, providing algorithms for recovering coordinates...).
The relevance of these of course depends on the direction the draft is
taking.
Oh, and - personal preference - but I also think it makes quite a
difference to the ease and speed of implementing an ECC algorithm if
it is provided as three-operand-code in addition to the mathematical
formula (like e.g. https://hyperelliptic.org/EFD/). The former reduces
cognitive load and risk of manual errors.
Best regards,
Nikolas Rösener
_______________________________________________
Lwip mailing list
https://www.ietf.org/mailman/listinfo/lwip