On Thursday, May 23, 2019 3:54:08 PM PDT, Wim Lewis wrote:
> One motivation for putting this code into Hogweed is that the common curves (P-256, -384, -512) all have primes which allow using a simple shortcut for computing square roots instead of using a general algorithm. If this is true for P-192 and P-224 as well (I haven't checked) then I can safely avoid writing the general algorithm at all. :)
Ah, sadly P-224 is an exception.
This document does have optimized square root algorithms for each of the curves, including P-224:
https://apps.nsa.gov/iaarchive/library/ia-guidance/ia-solutions-for-classifi...
and also references a paper by djb on efficiently computing square roots in "annoying" prime fields such as P-224's.
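
The shortcut discussed above, shown as an added example (not code from this thread or from Nettle/Hogweed): for a prime p ≡ 3 (mod 4) a square root is a single exponentiation, a^((p+1)/4), while P-224's prime is ≡ 1 (mod 4) and needs a general algorithm. Textbook Tonelli-Shanks stands in for the general case here; it is not the optimized P-224 routine from the referenced document or paper, and the code is variable-time, so it suits public inputs such as compressed points, not secrets.

```python
# NIST prime field moduli, written out from their standard definitions.
PRIMES = {
    "P-192": 2**192 - 2**64 - 1,
    "P-224": 2**224 - 2**96 + 1,
    "P-256": 2**256 - 2**224 + 2**192 + 2**96 - 1,
    "P-384": 2**384 - 2**128 - 2**96 + 2**32 - 1,
    "P-521": 2**521 - 1,
}

def two_adicity(p):
    """Return (q, s) with p - 1 == q * 2**s and q odd."""
    q, s = p - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    return q, s

def sqrt_mod(a, p):
    """Return one square root of a mod prime p, or None if none exists."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:      # Euler's criterion: non-residue,
        return None                       # e.g. an invalid compressed point
    if p % 4 == 3:                        # the shortcut: one exponentiation
        return pow(a, (p + 1) // 4, p)
    # General case (Tonelli-Shanks); cost grows with s, which is 96 for P-224.
    q, s = two_adicity(p)
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:   # find any quadratic non-residue
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                    # least i with t**(2**i) == 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return r

if __name__ == "__main__":
    x = 0xC0FFEE                          # constructed sample field element
    for name, p in PRIMES.items():
        r = sqrt_mod(x * x % p, p)
        kind = "shortcut" if p % 4 == 3 else "general algorithm"
        print(f"{name}: p mod 4 = {p % 4} ({kind}), root ok = {r * r % p == x * x % p}")
```
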