Re: [openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-07-22 Thread Brian Smith
Brian Smith wrote:
> The issue is particularly clear when we multiply the generator by zero. Note that in general, an application shouldn't multiply the generator by zero since there's no useful cryptographic purpose for doing so. But, this is a convenient example.

Re: [openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-07-22 Thread Brian Smith
The issue is particularly clear when we multiply the generator by zero. Note that in general, an application shouldn't multiply the generator by zero since there's no useful cryptographic purpose for doing so. But, this is a convenient example. In the code we have, ecp_nistz256_gather_w7(,

Re: [openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-07-08 Thread Brian Smith
Brian Smith wrote:
> When doing math on short Weierstrass curves like P-256, we have to special case points at infinity. In Jacobian coordinates (X, Y, Z), points at infinity have Z == 0. However, instead of checking for Z == 0, p256-x86-64 instead checks for (X, Y)

Re: [openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-06-28 Thread Brian Smith
:sigh: I forgot the attachment with my test vectors. Here it is.

On Tue, Jun 28, 2016 at 10:43 AM, Brian Smith wrote:
> When doing math on short Weierstrass curves like P-256, we have to special case points at infinity. In Jacobian coordinates (X, Y, Z), points at

[openssl-dev] Are the point-at-infinity checks in ecp_nistz256 correct?

2016-06-28 Thread Brian Smith
When doing math on short Weierstrass curves like P-256, we have to special case points at infinity. In Jacobian coordinates (X, Y, Z), points at infinity have Z == 0. However, instead of checking for Z == 0, p256-x86-64 instead checks for (X, Y) == (0, 0). In other words, it does, in some sense,