Dear Thierry,
> I looked at the primary documents in the USPTO databases. The part that
> is missing from the US patent 8,369,213 (i.e. missing from the original
> filing and the European patent I suppose) is now in the pending patent
> application US-2013-0170642-a1.
>
No. That one contains o
On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
>
> Or is this impossible to reconcile? If Certicom is patenting backdoors,
> the only plausible way I can think of this is that it intends to wield
> backdoors. Which means spying and hacking. Certicom is now engaged in
> the business of sp
> [0] I haven't found them for XSalsa as yet. Don't know about ChaCha.
>
They are both included in
http://bench.cr.yp.to/primitives-stream.html
with reference implementations and efficient implementations. The
supercop test framework (downloadable from eBACS) checks other
implementations
Dear Yuhao Huang,
>In Elliptic curve calculations, there are lots of modular inversions. And
>the prime is a fixed large number, say 256 bits.
>I wonder how I can optimize this operation, right now it takes a lot of
>time. Can anyone point me to something?
>
For computing scalar mu
Dear Ian,
> Has anyone done any side channel analysis on phones?
>
On the constructive side you might want to check out NaCl for ARM (best
with NEON), e.g.
http://cryptojedi.org/crypto/#neoncrypto
which avoids all software side channel attacks. Not sure how you would
avoid cache attacks i
In reply to the latest postings:
Many submissions were faster than SHA-2 at the time of submission. Lots
of people had fun speeding up SHA-2 -- so the competition has definitely
led to a faster SHA-2.
Also, check out
http://bench.cr.yp.to/graph-sha3/long.png
to see that on CPUs Blake is
>> Who is selling exponentiation chips (in reasonably large quantities)
>> these days? Price and power consumption are important for this
>> application, but I need to be able to verify a few K RSA (or possibly
>> ECC) signatures/second.
>
> OTOH if you really do mean *verify* (rather than generat