<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
And I seem to recall that one bit is for compact representation.
That is, is y positive or negative. With p256, you have to transmit
x and y or deal with the compact representation patent.<br>
<br>
<div class="moz-cite-prefix">On 09/04/2018 08:00 AM, Kyle Hamilton
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPMEXDaWbA0MCAaiqfdz09G=yjpmX-T+1aKWpBWD1NOr7oGD3w@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="auto">Probably because the definition of X25519 requires
that bits 0, 1, and 2 of the first byte of the private key are
set to 0 before being used, and OpenSSL counts the number of
bits including the highest-order set bit. (Really, there's an
additional 2 bits that are also set to known values: bit 6 of
the last byte is set, and bit 7 of the last byte is cleared. In
my view, this actually reduces the necessary brute-force search
space from 256 bits to 251 bits. However, literally any 32-byte
string can be used as a public key. Apparently, djb views this
as sufficient to call it a 256-bit strength function.)
<div dir="auto"><br>
</div>
<div dir="auto">For the specification, please see the subsection
entitled "Responsibilities of the User" in section 3 of <a
href="https://cr.yp.to/ecdh/curve25519-20060209.pdf"
moz-do-not-send="true">https://cr.yp.to/ecdh/curve25519-20060209.pdf</a>
.</div>
<div dir="auto"><br>
</div>
<div dir="auto">-Kyle H</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Sep 3, 2018, 22:29 M K Saravanan <<a
href="mailto:mksarav@gmail.com" moz-do-not-send="true">mksarav@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
When using openssl with X25519, why it shows the server temp
key as 253 bits?<br>
<br>
Example:<br>
<br>
---<br>
No client certificate CA names sent<br>
Peer signing digest: SHA256<br>
Peer signature type: RSA<br>
Server Temp Key: X25519, 253 bits<br>
---<br>
<br>
I thought Curve25519 is using 256 bit keys.<br>
<br>
Why 253 instead of 256?<br>
<br>
with regards,<br>
Saravanan<br>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a
href="https://mta.openssl.org/mailman/listinfo/openssl-users"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>