This repository has been archived by the owner on Nov 16, 2021. It is now read-only.
ed25519: double scalarmult fix - return full point #172
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ph4r05
force-pushed
the
ed25519-double-scalarmult
branch
from
f362d12 to
9c41c0f
Compare
|
Similar to |
This was referenced Aug 20, 2018
- return fully valid ed point
ph4r05
force-pushed
the
ed25519-double-scalarmult
branch
from
9c41c0f to
c64b97a
Compare
|
ACK |
|
Thx! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Double scalar multiplication returns fully valid ED point (Just one more multiplication).
Tcoordinate), not the partial.ge25519_scalarmult_base_nielsalready returns full point so it would make it more consistentcurve25519_mul, typically(64*const), one more before returning from the function is IMO small overhead.ge25519_scalarmultreturns partial point one cannot easily make it the full point because afterge25519_scalarmultreturns, the temporary point is not accessible. To make it full point much more expensive inversion would be needed.If you prefer not to add multiplication there is another alternative - a bit more difficult IMO. We would have to generalize scalarmult method to return
ge25519_p1p1point so we can make it both partial and full points. There would be then scalarmult method which is a simple wrapper for scalarmult returningge25519_p1p1and making a partial point from it.I personally like the proposed idea more because it is backward compatible change with small overhead, is consistent with scalarmult base and does not make API more complex.