Re: ECC point compression trick
- From: "Tom St Denis" <tomstdenis@xxxxxxxxx>
- Date: 28 Jun 2006 08:55:41 -0700
Paul Rubin wrote:
"Tom St Denis" <tomstdenis@xxxxxxxxx> writes:
Why not always just use the positive root [adjusting your secret
multiplier as required since (-k)P == k(-P)].
In a finite field I'm not sure how you want to specify which root
is "positive".
If you compute the root [e.g. for 3 mod 4 primes via exponentiation]
then the value will either be the root or you have to negate that to
get the root.
The latter is the "negative root".
You still have to compute the root to find y but now you don't even
send the one bit. You just send x.
You can already do that. See:
http://cr.yp.to/patents/us/6141420.html
IIRC he's dealing with a OEF curve and as such is using a montgomery
ladder algorithm which only uses the x-coord. I don't know if you can
do the same for the GF(p) curves that NIST specifies.
Tom
.
- Follow-Ups:
- Re: ECC point compression trick
- From: Bodo Moeller
- Re: ECC point compression trick
- References:
- ECC point compression trick
- From: Tom St Denis
- Re: ECC point compression trick
- From: Paul Rubin
- ECC point compression trick
- Prev by Date: Re: http://leopard.uk.com
- Next by Date: Re: ECC point compression trick
- Previous by thread: Re: ECC point compression trick
- Next by thread: Re: ECC point compression trick
- Index(es):
Relevant Pages
|
|
