[openssl-users] X25519 - why openssl shows server temp key as 253 bits?
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Sep 4 22:23:26 UTC 2018
> On Sep 4, 2018, at 12:10 PM, Michael Richardson <mcr at sandelman.ca> wrote:
>
> My understanding is that you need x and y to do the computation.
> (And I observe this in code)
The Y coordinate is not needed for X25519 and X448 Diffie-Helman key agreement,
these operate on the X (sometimes called "u") coordinate only.
The Ed25519 and Ed448 algorithms do use compressed-encodings with one bit
used to disambiguate the choice of square-root for one of the coordinates.
With Edwards form the choice of which to to compress is arbitrary, the
curve is invariant under exchange of x and y or change of either sign.
https://tools.ietf.org/html/rfc8032#section-5.1.2
https://tools.ietf.org/html/rfc8032#section-5.2.2
--
--
Viktor.
More information about the openssl-users
mailing list