# Re: google + bit of time == ecc curve that is better

*From*: ggr@xxxxxxxxxxxxx (Greg Rose)

*Date*: Wed, 26 Aug 2009 17:06:30 +0000 (UTC)

In article <fd958ce4-0e2d-4e4a-9ba0-430de58cbc0d@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Tom St Denis <tom@xxxxxxx> wrote:

> ... The modulus in HEX is
>
> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF13
>
> Which is 2^192 - 237, meaning that reduction modulo this is
>
> x == (x >> 192) + 237 * (x mod 2^192)

I think you have the '+' and '*' back to front.

Also, there is the possibility that x, after multiplication, is too big, that is, the reduction above still gives an answer bigger than 2^192. So you have to do that reduction twice, or conditionally (which opens up side channel attacks). Then there is still the funky case where reduction results in a number that's bigger than P but smaller than 2^192.

I refer you to Figure 6.12 in that excellent book "BigNum Math". ;-)

Greg.

--

Greg Rose

232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C

Qualcomm Australia: http://www.qualcomm.com.au
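
The following Python sketch is an added example, not code from this post or from "BigNum Math". It carries out the reduction with the operands the right way round, x ≡ (x mod 2^192) + 237 * (x >> 192) (mod P), and exercises the cases raised above: a result still above 2^192 after one fold, after two folds, and a result between P and 2^192. The function names are illustrative, and Python integers are not constant-time, so the mask select only shows the branch-free shape.

```python
# Added example: fold-based reduction modulo P = 2^192 - 237.
# All names here (fold, swapped, reduce_p) are illustrative.
K, C = 192, 237
MASK = (1 << K) - 1
P = (1 << K) - C


def fold(x):
    # 2^192 = P + 237, so hi*2^192 + lo is congruent to lo + 237*hi (mod P).
    return (x & MASK) + C * (x >> K)


def swapped(x):
    # The quoted formula with the operands exchanged; not a congruence mod P.
    return (x >> K) + C * (x & MASK)


def reduce_p(x):
    """Reduce 0 <= x < 2^384 (a double-width product) into [0, P)."""
    if not 0 <= x < 1 << (2 * K):
        raise ValueError("input must fit in 384 bits")
    r = fold(x)   # r < 238 * 2^192: still about 200 bits
    r = fold(r)   # high part <= 237, so r < 2^192 + 237*237
    # r < 2P here, so one subtraction of P finishes the job. It is written
    # as a mask select rather than an if, to show the branch-free shape;
    # Python integers are not constant-time, so this is shape only.
    t = r - P
    mask = t >> 256          # -1 when t is negative, 0 otherwise
    return t + (P & mask)    # add P back only when the subtraction underflowed


if __name__ == "__main__":
    # Constructed inputs: largest product of reduced operands, largest
    # 384-bit value, and a value that is already below 2^192 but above P.
    for name, x in [("(P-1)^2", (P - 1) ** 2), ("2^384-1", (1 << 384) - 1),
                    ("2^192-1", MASK)]:
        once, twice = fold(x), fold(fold(x))
        print(name, "one fold >= 2^192:", once > MASK,
              "| two folds >= 2^192:", twice > MASK,
              "| two folds >= P:", twice >= P,
              "| correct:", reduce_p(x) == x % P)
```

For (P-1)^2 two folds land on P + 1, which is the case of a value bigger than P but smaller than 2^192; for 2^384 - 1 two folds still leave a value above 2^192.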
