Re: Verifying Elliptic Curve Cryptography

Bill Allombert on Fri, 17 Feb 2017 21:17:32 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: Verifying Elliptic Curve Cryptography

To: pari-users@pari.math.u-bordeaux.fr
Subject: Re: Verifying Elliptic Curve Cryptography
From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>
Date: Fri, 17 Feb 2017 21:17:30 +0100
Delivery-date: Fri, 17 Feb 2017 21:17:32 +0100
In-reply-to: <m3lgt4sqs0.fsf@jhcloos.com>
Mail-followup-to: pari-users@pari.math.u-bordeaux.fr
References: <m3lgt7t7iq.fsf@jhcloos.com> <20170215225339.GA7976@math.u-bordeaux.fr> <m3lgt4sqs0.fsf@jhcloos.com>
User-agent: Mutt/1.5.23 (2014-03-12)

On Fri, Feb 17, 2017 at 11:53:03AM -0500, James Cloos wrote:
> All,
> 
> Thanks for that.  I knew about (or at least had known about)
> ellfromeqn(), but stupidly didn't think of it. :(
> 
> I did have to set parisizemax to a large value in ~/.gprc to
> get ellcard() to work.

Yes for 512bit curve, you need at least 64M of stack, sometime more.

> The main benefits of the modern curves are that constant time
> implementations are straighforward, have reasonable performance.
> Avoiding things like points at infinity helps avoid input testing.  
> 
> That also means they are typically presented in Montgomery or
> Edwards form.  Or twists thereof.  But almost never in Weierstrass.

A tip: Use ??? to search the doc
? ???Edwards
ellfromeqn ellsea

Cheers,
Bill.

References:
- Verifying Elliptic Curve Cryptography
  - From: James Cloos <cloos@jhcloos.com>
- Re: Verifying Elliptic Curve Cryptography
  - From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
- Re: Verifying Elliptic Curve Cryptography
  - From: James Cloos <cloos@jhcloos.com>

Prev by Date: [no subject]
Next by Date: Problem running benchmark
Previous by thread: Re: Verifying Elliptic Curve Cryptography
Next by thread: Re: Verifying Elliptic Curve Cryptography
Index(es):
- Date
- Thread