(correction to my tweet:) ... except that prime order is conceptually simpler and easier to use properly.
-
-
It's curious that the same arguments for using SafeCurves are now being applied for using "old curves" ;)
1 reply 1 retweet 1 like -
Replying to @conradoplg @bascule and
Only "old" in the sense of having prime order. Rigidity and transfers are new; efficient complete arithmetic is even newer than SafeCurves.
1 reply 0 retweets 2 likes -
Replying to @pbarreto @conradoplg and
I saw the Microsoft NUMS work on complete and efficient Weierstrass formulas. Do you have a more recent citation?
2 replies 0 retweets 0 likes -
Replying to @bascule @conradoplg and
Actually what I had in mind is the Renes-Costello-Batina paper from Eurocrypt 2016 (also here: http://ia.cr/2015/1060 ).
3 replies 1 retweet 6 likes -
Both have their advantages. The NUMS approach should be faster, but the Renes-Costello-Batina complete formulas are certainly more elegant.
2 replies 1 retweet 5 likes -
Replying to @PatrickLonga @pbarreto and
The important result from the NUMS work, IMO, was the explanation of why most additions can be made exception-free w/o complete formulas.
1 reply 1 retweet 5 likes -
Replying to @BRIAN_____ @PatrickLonga and
IMO we'd greatly benefit from a proof that the remaining unproven case is also exception-free.
1 reply 1 retweet 1 like -
-
Replying to @PatrickLonga @pbarreto and
“…one cannot show…that a current active point in the fixed-base scalar multiplication will not be the same (or have an opposite sign) as…"
2 replies 0 retweets 1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.