Bill Allombert on Fri, 17 Feb 2017 21:17:32 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: Verifying Elliptic Curve Cryptography

On Fri, Feb 17, 2017 at 11:53:03AM -0500, James Cloos wrote:
> All,
> Thanks for that.  I knew about (or at least had known about)
> ellfromeqn(), but stupidly didn't think of it. :(
> I did have to set parisizemax to a large value in ~/.gprc to
> get ellcard() to work.

Yes for 512bit curve, you need at least 64M of stack, sometime more.

> The main benefits of the modern curves are that constant time
> implementations are straighforward, have reasonable performance.
> Avoiding things like points at infinity helps avoid input testing.  
> That also means they are typically presented in Montgomery or
> Edwards form.  Or twists thereof.  But almost never in Weierstrass.

A tip: Use ??? to search the doc
? ???Edwards
ellfromeqn ellsea