Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Benoit Viguier
coqveriftweetnacl
Commits
5f33c4dc
Commit
5f33c4dc
authored
Jan 16, 2020
by
Benoit Viguier
Browse files
try explaining better the computation of n'
parent
12e23f72
Changes
1
Hide whitespace changes
Inline
Sidebyside
paper/2.2X25519.tex
View file @
5f33c4dc
...
@@ 11,13 +11,14 @@ The core of the X25519 keyexchange protocol is a scalar\hyp{}multiplication
...
@@ 11,13 +11,14 @@ The core of the X25519 keyexchange protocol is a scalar\hyp{}multiplication
function, which we will also refer to as X25519.
function, which we will also refer to as X25519.
This function receives as input two arrays of
$
32
$
bytes each.
This function receives as input two arrays of
$
32
$
bytes each.
One of them is interpreted as the littleendian encoding of a
One of them is interpreted as the littleendian encoding of a
nonnegative integer
$
n
$
(see
\ref
{
subsec:integerbytes
}
).
nonnegative
256bit
integer
$
n
$
(see
\ref
{
subsec:integerbytes
}
).
The other is interpreted as the littleendian encoding of
The other is interpreted as the littleendian encoding of
the
\xcoord
$
x
_
P
\in
\F
{
p
}$
of a point in
$
E
(
\F
{
p
^
2
}
)
$
,
the
\xcoord
$
x
_
P
\in
\F
{
p
}$
of a point in
$
E
(
\F
{
p
^
2
}
)
$
,
using the standard mapping of integers modulo
$
p
$
to elements in
$
\F
{
p
}$
.
using the standard mapping of integers modulo
$
p
$
to elements in
$
\F
{
p
}$
.
The X25519 function first computes a scalar
$
n'
$
by setting bit 255 of
$
n
$
The X25519 function first computes a scalar
$
n'
$
from
$
n
$
by setting
to
\texttt
{
0
}
, setting bit 254 to
\texttt
{
1
}
, and setting the lower 3 bits to
\texttt
{
0
}
.
bits at position 0, 1, 2 and 255 to
\texttt
{
0
}
; and to
\texttt
{
1
}
bit at
position 254.
This operation is often called ``clamping'' of the scalar
$
n
$
.
This operation is often called ``clamping'' of the scalar
$
n
$
.
Note that
$
n'
\in
2
^{
254
}
+
8
\{
0
,
1
,
\ldots
,
2
^{
251
}

1
\}
$
.
Note that
$
n'
\in
2
^{
254
}
+
8
\{
0
,
1
,
\ldots
,
2
^{
251
}

1
\}
$
.
X25519 then computes the
\xcoord
of
$
n'
\cdot
P
$
.
X25519 then computes the
\xcoord
of
$
n'
\cdot
P
$
.
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment