top | item 36579065 (no title) bembo | 2 years ago Isn't P always the same? Or is it shared before the exchange?Edit: just looked it up and the base point for curve25519 is x=9 so no point in recovering it. discuss order hn newest syncsynchalt|2 years ago In modern curves P is set in stone head of time.In the early days of EC you were able to pick a custom base point, and then it was found that this could leak information in various ways. It’s not allowed in modern curves or implementations. 1aqp|2 years ago Sorry, I wrote that comment too quickly. It is close to impossible to recover ka, kb and ka.kb.P, even given A=ka.P, B=kb.P and P.
syncsynchalt|2 years ago In modern curves P is set in stone head of time.In the early days of EC you were able to pick a custom base point, and then it was found that this could leak information in various ways. It’s not allowed in modern curves or implementations.
1aqp|2 years ago Sorry, I wrote that comment too quickly. It is close to impossible to recover ka, kb and ka.kb.P, even given A=ka.P, B=kb.P and P.
syncsynchalt|2 years ago
In the early days of EC you were able to pick a custom base point, and then it was found that this could leak information in various ways. It’s not allowed in modern curves or implementations.
1aqp|2 years ago