Chiraag Juvekar

2017-03-25 19:49:50 UTC

Hi all,

I had a question about the scalar decompositions in FourQ and I was not
sure who to ask. I hope that it is not out of place for this mailing
list. I wanted to avoid implementing the scalar decomposition logic for a
low-resource implementation. I was wondering if it is secure to directly
select the decomposed scalar as 4 random 64-bit numbers when running DH on
FourQ? I know for example that this is true in the context of \tau-adic
expansions for Koblitz curves where we can pick a random \tau-NAF directly
instead of implementing a converter.

--

Chiraag
