(Background: I'd been confused by not getting the results I expected from
ecc_mod_sqr(), etc., and wrote to Niels Möller to ask about it)
On Saturday, May 25, 2019 1:15:27 AM PDT, Niels Möller wrote:
The thing is, ->reduce will be either a mod operation or a montgomery
redc operation, depending on what seemed most efficient for the
particular curve. So here you get a result equal to c^2 2^{-256} (mod
p).
Ahh! That makes more sense. (I had glossed over the references to
Montgomery multiplication, probably because I had it confused with
Karatsuba multiplication.)
Now that I look for it, I see the conditional conversion to Montgomery
representation in routines like ecc_a_to_j() and ecc_j_to_a().
Thanks,
Wim.
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
