You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After discussion with @Daeinar , there seems to be a need to clean up the group/-directory (again). As this is a backward-incompatible change, I don't know how and when this change should go in. But we should discuss it...
The question came up with ByzGen about our use of Curve25519. This curve can be represented in two different ways:
The two representations are isogenic, which means that you can get from one representation to the other with a change of coordinates.
The two (three) curve25519 implementation in kyber are as follows:
Ed25519 in group/ed25519 is either constant-time, or variable-time, Twisted Edwards Curve implementation
Curve25519 in group/curve25519 is a variable-time, Twisted Edwards Curve implementation
As of 2019, it seems that a consensus is materializing, where Edwards25519 refers to the Twisted Edwards representation, while Curve25519 refers to the Montgomery representation.
Additionally, the nist package holds only the p256 curve.
This is why we propose to:
Keep Ed25519 as is
Change the name of Curve25519, or remove it, and keep only the additional curves in there
Change the nist package to p256
Add a Montgomery representation of Curve25519 to the repo and call this one Curve25519
The text was updated successfully, but these errors were encountered:
After discussion with @Daeinar , there seems to be a need to clean up the
group/-directory (again). As this is a backward-incompatible change, I don't know how and when this change should go in. But we should discuss it...The question came up with ByzGen about our use of Curve25519. This curve can be represented in two different ways:
The two representations are isogenic, which means that you can get from one representation to the other with a change of coordinates.
The two (three) curve25519 implementation in kyber are as follows:
Ed25519ingroup/ed25519is either constant-time, or variable-time, Twisted Edwards Curve implementationCurve25519ingroup/curve25519is a variable-time, Twisted Edwards Curve implementationAs of 2019, it seems that a consensus is materializing, where
Edwards25519refers to the Twisted Edwards representation, whileCurve25519refers to the Montgomery representation.Additionally, the
nistpackage holds only thep256curve.This is why we propose to:
Ed25519as isCurve25519, or remove it, and keep only the additional curves in therenistpackage top256Curve25519to the repo and call this oneCurve25519The text was updated successfully, but these errors were encountered: