|Bill Allombert on Fri, 17 Feb 2017 21:17:32 +0100|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: Verifying Elliptic Curve Cryptography|
On Fri, Feb 17, 2017 at 11:53:03AM -0500, James Cloos wrote: > All, > > Thanks for that. I knew about (or at least had known about) > ellfromeqn(), but stupidly didn't think of it. :( > > I did have to set parisizemax to a large value in ~/.gprc to > get ellcard() to work. Yes for 512bit curve, you need at least 64M of stack, sometime more. > The main benefits of the modern curves are that constant time > implementations are straighforward, have reasonable performance. > Avoiding things like points at infinity helps avoid input testing. > > That also means they are typically presented in Montgomery or > Edwards form. Or twists thereof. But almost never in Weierstrass. A tip: Use ??? to search the doc ? ???Edwards ellfromeqn ellsea Cheers, Bill.