On Fri, Jan 31, 2014 at 8:16 AM, Niels Möller nisse@lysator.liu.se wrote:
I think you're more familier with its uses than I am. I'm thinking that it would be nice to have a struct ecc_curve nettle_curve25519; with the same operations (ecc_point_mul, etc), but maybe a very different implementation underneath.
That sounds very good.
Is that enough? It's not clear to me how people do signatures with curve25519, if that's plain ecdsa over a new curve, or something more or less different?
No signatures. It is only used for ECDH.
Will people also want djb's curve25519 function, defined with octet strings as input and output?
I don't know. I am mostly interested for: https://tools.ietf.org/html/draft-josefsson-tls-curve25519-04
which includes a test vector.
And about the "safe" curves listed at http://safecurves.cr.yp.to/, anything beyond curve25519 which is being deployed? M-383, Curve41417, M-511 or E-521?
There is some discussion in CFRG which will probably end-up in a draft but I don't really follow up.
regards, Nikos