Less Leaky ECDSA signature generation (in master)
Ian Goldberg
ian at cypherpunks.ca
Fri Mar 28 14:11:02 CET 2025
On Fri, Mar 28, 2025 at 10:21:43AM +0900, NIIBE Yutaka via Gcrypt-devel wrote:
> While, arbitrary integers can be represented in the MPI representation,
> for a specific curve, the finite field is the one of integers module P
> (P: a prime defined by the curve). Thus, for an ECC point, we can keep
> the integer value in the range from 0 to P-1. For an intermediate value
> of integer (like multiplication), 2*P is enough size.
Do you mean P^2, not 2*P, as the bound of the intermediate result of a
multiplication?
More information about the Gcrypt-devel
mailing list