Commit ccfeb083 authored by Mike Hamburg

adjust history.txt. Also, that last fix on RDRAND is thanks to John Mark Gurney.

parent 39ca07a0
March 1, 2015:
While by no means complete or stable, I've done most of the ground
work to implement the "Decaf" point encoding. This point encoding
essentially divides the cofactor by 4, turning Goldilocks (or
Ridinghood or E-521) into a prime-order group. Furthermore, like
the Goldilocks encoding, this encoding avoids incompleteness in
the twisted Edwards formulas with a=-1 by sticking to the order-2q
subgroup.
Because the group is prime order, and because the "isogeny strategy"
is not needed, the decaf API can be very simple. I'm still working
on exactly what it should be though. The goal is to have a single-
file (or a few files) for a "ref" version, which is designed for
auditability. The ref version won't be quite so simple as TweetNaCl,
but nearly so simple and much better commented. Then there can also
be an optimized version, perhaps per-platform, which is as fast as
the original Goldilocks code but hopefully still simpler.
I'm experimenting with SHAKE as the hash function here. Possibly I
will also add Keyak as an encryption primitive, so that everything
can be based on Keccak-f, but I'm open to suggestions. For example,
if there's a way to make BLAKE2 as simple and useful as SHAKE
(including in oversized curves like E-521), then the extra speed
would certainly be welcome.
October 27, 2014:
Added more support for >512-bit primes. Changed shared secret
to not overflow the buffer in this case. Changed hashing to
......
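Review bot: the March 1, 2015 entry never mentions the RDRAND fix that the commit message credits to John Mark Gurney, so history.txt loses that attribution; add a line under that date along the lines of "Fixed RDRAND usage (thanks to John Mark Gurney)." Secondary point for the same entry: "I'm experimenting with SHAKE as the hash function" does not say which variant (SHAKE128 or SHAKE256), and since the security level of the hash should match the curve (Goldilocks vs. E-521), naming the variant and why it was chosen would make the changelog more useful.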