Nikos Mavrogiannopoulos nmav@gnutls.org writes:
It seems it is being pushed forward and openssh even uses it by default now. There are implementations like [0] that nettle could take advantage of to use that curve, but what I'm worried about is that the current interfaces to use this curve provide no agility.
I think you're more familiar with its uses than I am. I'm thinking that it would be nice to have a
struct ecc_curve nettle_curve25519;
with the same operations (ecc_point_mul, etc), but maybe a very different implementation underneath.
Is that enough? It's not clear to me how people do signatures with curve25519, if that's plain ecdsa over a new curve, or something more or less different?
Will people also want djb's curve25519 function, defined with octet strings as input and output?
Are there any authoritative test vectors?
And about the "safe" curves listed at http://safecurves.cr.yp.to/, anything beyond curve25519 which is being deployed? M-383, Curve41417, M-511 or E-521?
Regards, /Niels