Author: second isogeny 2014-08-10 00:34:19
Published on: 2014-08-10T00:34:19+00:00
There are concerns about the security of a proposed change, as it is less secure and incompatible with existing implementations of the specification. This incompatibility could cause users to believe a key is worthless, or to lose funds when they are unable to spend them. The proposal would also be inconsiderate to other parties who have done the work to produce correct and compatible implementations. Furthermore, the proposed change would make the selection of private keys uneven, which is objectively less secure. This could potentially create a devastating weakness if an incorrect implementation reflects a large class of keys onto a small number of values. Additionally, there are many corner cases that must be handled in cryptographic software, such as the point-at-infinity cases, zero-value signatures (which could leak the private key), and the special case of adding collinear points. While unit testing can cover the complex additional logic required for the bignum modulo operation, a suitable modulo operation may not be available at that layer. Those unprepared to deal with these complications should perhaps leave writing this kind of software to other people.
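The uniformity point above is easy to make concrete. The following is an added example, not code from the post or from any implementation it discusses; it assumes the secp256k1 group order (the post names no curve) and uses a constructed toy order of 11 with 4-bit candidates so that the bias of each strategy can be counted exhaustively. It compares three ways of turning a random candidate into a private key: rejecting out-of-range candidates and drawing again (uniform), reducing modulo n (uniform only when the candidate range is a multiple of n), and a constructed "reflection" that folds every out-of-range candidate onto a single value, which is the kind of mapping of a large class of keys onto few values that the post warns about.

```python
import os
from collections import Counter

# secp256k1 group order. Assumed curve: the post does not name one.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def key_from_candidate_rejection(candidate: int, n: int):
    """Correct handling: a candidate outside [1, n-1] is rejected (None) and the
    caller draws a fresh one, so every accepted key is equally likely."""
    if candidate == 0 or candidate >= n:
        return None
    return candidate


def key_from_candidate_mod(candidate: int, n: int):
    """Modular reduction: uniform only if the candidate range is a multiple of n;
    otherwise the low residues occur more often. Zero must still be rejected."""
    k = candidate % n
    return None if k == 0 else k


def key_from_candidate_clamp(candidate: int, n: int):
    """Constructed flawed 'reflection': folds every out-of-range candidate onto
    n-1, so many inputs share one key. Shown only to measure the failure mode."""
    if candidate == 0:
        return None
    return candidate if candidate < n else n - 1


def distribution(fn, n: int, bits: int) -> Counter:
    """Feed every `bits`-bit candidate to fn and count how often each key results."""
    counts = Counter()
    for cand in range(1 << bits):
        k = fn(cand, n)
        if k is not None:
            counts[k] += 1
    return counts


def max_bias(counts: Counter) -> float:
    """Ratio of the most frequent key to the least frequent key (1.0 means uniform)."""
    return max(counts.values()) / min(counts.values())


def random_private_key(n: int = SECP256K1_N) -> int:
    """Draw a uniform private key in [1, n-1] by rejection sampling from os.urandom."""
    while True:
        k = key_from_candidate_rejection(int.from_bytes(os.urandom(32), "big"), n)
        if k is not None:
            return k


if __name__ == "__main__":
    TOY_N, TOY_BITS = 11, 4  # constructed toy order and candidate width
    for name, fn in [("rejection", key_from_candidate_rejection),
                     ("mod n", key_from_candidate_mod),
                     ("clamp", key_from_candidate_clamp)]:
        d = distribution(fn, TOY_N, TOY_BITS)
        print(f"{name:10s} max/min frequency = {max_bias(d):.1f}  counts = {dict(sorted(d.items()))}")
    print("sample secp256k1 key:", hex(random_private_key()))
```

With the toy order, rejection is exactly uniform, modular reduction makes keys 1 through 4 twice as likely as the rest, and the clamp sends six of the sixteen candidates to the same key. For secp256k1 the modular-reduction bias on 256-bit candidates is negligible because n is within 2^-128 of 2^256, but the clamp-style mapping stays catastrophic at any size, which is why implementations should reject out-of-range candidates rather than fold them.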
Updated on: 2023-06-09T02:06:53.514583+00:00