Re: google + bit of time == ecc curve that is better
 From: ggr@xxxxxxxxxxxxx (Greg Rose)
 Date: Wed, 26 Aug 2009 17:06:30 +0000 (UTC)
In article <fd958ce40e2d4e4a9ba0430de58cbc0d@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Tom St Denis <tom@xxxxxxx> wrote:
... The modulus in HEX is
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF13
Which is 2^192  237, meaning that reduction modulo this is
x == (x >> 192) + 237 * (x mod 2^192)
I think you have the '+' and '*' back to front.
Also, there is the possibility that x, after
multiplication, is too big, that is, the reduction
above still gives an answer bigger than 2^192. So
you have to do that reduction twice, or
conditionally (which opens up side channel
attacks). Then there is still the funky case where
reduction results in a number that's bigger than P
but smaller than 2^192.
I refer you to Figure 6.12 in that excellent book
"BigNum Math". ;)
Greg.

Greg Rose
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au
.
 Prev by Date: Re: Password Mirror free software link
 Next by Date: Re: google + bit of time == ecc curve that is better
 Previous by thread: Re: google + bit of time == ecc curve that is better
 Next by thread: Re: google + bit of time == ecc curve that is better
 Index(es):
Relevant Pages
