Re: google + bit of time == ecc curve that is better
- From: ggr@xxxxxxxxxxxxx (Greg Rose)
- Date: Wed, 26 Aug 2009 17:06:30 +0000 (UTC)
In article <fd958ce4-0e2d-4e4a-9ba0-430de58cbc0d@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Tom St Denis <tom@xxxxxxx> wrote:
... The modulus in HEX is
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF13
Which is 2^192 - 237, meaning that reduction modulo this is
x == (x >> 192) + 237 * (x mod 2^192)
I think you have the '+' and '*' back to front.
Also, there is the possibility that x, after
multiplication, is too big, that is, the reduction
above still gives an answer bigger than 2^192. So
you have to do that reduction twice, or
conditionally (which opens up side channel
attacks). Then there is still the funky case where
reduction results in a number that's bigger than P
but smaller than 2^192.
I refer you to Figure 6.12 in that excellent book
"BigNum Math". ;-)
Greg.
--
Greg Rose
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au
.
- Prev by Date: Re: Password Mirror free software link
- Next by Date: Re: google + bit of time == ecc curve that is better
- Previous by thread: Re: google + bit of time == ecc curve that is better
- Next by thread: Re: google + bit of time == ecc curve that is better
- Index(es):
Relevant Pages
|
