ietf-openpgp
[Top] [All Lists]

Re: AW: Reasons to include ECC to our charter

2001-09-04 11:38:19

Dominikus Scherkl <Dominikus(_dot_)Scherkl(_at_)biodata(_dot_)com>:

Certicom may have.  Specifically, Certicom claims to have a patent
application covering point compression, and noone else really knows
what is in it.  So it may be prudent to avoid compressed point
representations.

I agree to this. Also from a mathematical point of view compression is
somewhat unfortunate, because no proper algorithm for curves over odd
extension fields has been developed.

Algorithms for computing square roots in odd-characteristic extension
fields do exist (see chapter 7 in Sachar Paulus, "Algorithmen für
endliche abelsche Gruppen", Diplomarbeit, Unversität des Saarlandes,
1993), but none of the current specifications (such as the IEEE P1363a
drafts) defines what the compression bit should look like.  I think
the most obvious choice would be, given a polynomial representation of
a non-zero field element with coefficients in the underlying prime
field, to find the lowest-indexed non-zero coefficient and use its
LSB.