libgcrypt: Elliptic Curve Points Compact Representation
Yann Garcia
yann.garcia at fscom.fr
Tue Nov 6 07:02:55 CET 2018
Hello Gniibe,
Many thanks for the link.
Best regards,
Yann Garcia
Senior Software Engineer
Microsoft MCAD.net Certified
**************************************
FSCOM SARL
Le Montespan B2
6,
<https://maps.google.com/?q=6,%C2%A0+Avenue+des+Alpes&entry=gmail&source=g>
Avenue des Alpes
<https://maps.google.com/?q=6,%C2%A0+Avenue+des+Alpes&entry=gmail&source=g>
F-06600 Antibes, FRANCE
************************************************
Tel: +33 (0)4 92 94 49 08
Mobile: +33 (0)6 68 94 57 76
Email: *yann.garcia at fscom.fr <yann.garcia at fscom.fr>*
Skype: yann.garcia
Google+: garcia.yann at gmail.com
On Tue, 6 Nov 2018 at 00:55, NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hello,
>
> I don't know any about IEEE 1609.2, so, my explanation may be completely
> wrong...
>
> Yann Garcia <yann.garcia at fscom.fr> wrote:
> > This standard uses extensively the canonical form which is defined by
> using
> > compact representation of public x,y keys.
> >
> > My trouble is how can I retrieve the private and uncompressed public keys
> > when only the y key sign (LSB bit is 0 or 1) and the x public key is
> > provided?
> >
> > NOTE: The Nist P-256 ECC curve is used.
>
> The appropriate Weierstrass equation can determince Y. It's:
>
> y^2 = x^3 + a*x + b
>
> Given x, you can compute x^3 + a*x + b, which should be y^2, then, in
> the range of (-p,p) there are two values for such y (you can get one by
> sqrt function). Among two, you can choice y by sign information.
>
> In the context of libgcrypt, we adopt the technique for
> choosing y with no sign information:
>
> https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt
>
> And... for detail, this document helps, I suppose.
> --
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20181106/6b0ad70b/attachment.html>
More information about the Gcrypt-devel
mailing list