[Cryptography] Edwards curves are just ellipses - and why ECC works
Bill Cox
waywardgeek at gmail.com
Sun Oct 4 11:29:11 EDT 2015
On Sun, Oct 4, 2015 at 6:50 AM, Peter Fairbrother <peter at m-o-o-t.org> wrote:
> On 03/10/15 00:15, Bill Cox wrote:
> [...]
>
>> It turns out that anyone can trivially create "addition laws" to create
>> new ways to add "group elements" together, forming an "Abelian group ".
>> Here's how:
>>
>> 1) Pick _any_ one-to-one function, so that an inverse exists, even if it
>> is hard to compute, Call this function F, and it's inverse Finv.
>> 2) Write out the function G(a, b) = Finv(F(a) + F(b)). This is the
>> "group addition law" that shows how to add elements of the group.
>>
>
>
> There is a bit more to it
>
I left out some details, trying not to overwhelm the reader. Yes, you need
F(a) + F(b) to be in the range of F. The identity element is simply
Finv(0), so 0 has to be in the domain as well. Given that, it's a group
addition law.
By the way, I also just showed that the Y coordinate in the Edward's
addition law is simply cn/dn from the ancient addition law. This means I
can simplify the ancient law as follows:
s3 = (s1(c2/d2) + s2)/(1 + ds1(c1/s1)s2(c2/d2)
c3/d3 = ((c1/d1)(c2/d2) - s1s2)/(1 - ds1(c1/d1)s2(c2/d2))
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151004/d1bc50c1/attachment.html>
More information about the cryptography
mailing list