[cryptography] Supersingular Isogeny DH
coderman
coderman at gmail.com
Thu Jul 9 01:24:12 PDT 2015
On 7/8/15, Marcel <tiepelt at dev-nu11.de> wrote:
> ...
> So my question is, why do i need to random values m_A and n_A to compute
> the torsiongroup E[l_A] and respectively the kernel K_A ?
>
> Why does is not suffice to use only 1 point to generate E[l_A] and
> Kernel K_A ?
it is late, and i may mis understand,
yet the two are requisite for peers arriving at a shared secret by way
of these constructed isogeny; and the random values necessary to not
give too much (confirm secret values, without exposing secret values)
i found this paper a helpful expansion on the subject:
http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf
"In this paper, we mainly explore the efficiency of implementing recently
proposed isogeny-based post-quantum public key cryptography..."
specifically the graph on page 5. note that the key exchange relies on
finding a path connecting vertices in a graph of supersingular
isogenies - thus a pair on both ends, not just a pair arrived at among
both participants.
if this is clear as mud, i will try tomorrow on a fresh brain :)
best regards,
More information about the cypherpunks
mailing list