From ccfeb083a7e91cdf159eed0d86870b8927d07616 Mon Sep 17 00:00:00 2001 From: Mike Hamburg Date: Sun, 1 Mar 2015 13:31:12 -0800 Subject: [PATCH] adjust history.txt. Also, that last fix on RDRAND is thanks to John Mark Gurney. --- HISTORY.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/HISTORY.txt b/HISTORY.txt index 983cbcb..fbf5c71 100644 --- a/HISTORY.txt +++ b/HISTORY.txt @@ -1,3 +1,28 @@ +March 1, 2015: + While by no means complete or stable, I've done most of the ground + work to implement the "Decaf" point encoding. This point encoding + essentially divides the cofactor by 4, turning Goldilocks (or + Ridinghood or E-521) into a prime-order group. Furthermore, like + the Goldilocks encoding, this encoding avoids incompleteness in + the twisted Edwards formulas with a=-1 by sticking to the order-2q + subgroup. + + Because the group is prime order, and because the "isogeny strategy" + is not needed, the decaf API can be very simple. I'm still working + on exactly what it should be though. The goal is to have a single- + file (or a few files) for a "ref" version, which is designed for + auditability. The ref version won't be quite so simple as TweetNaCl, + but nearly so simple and much better commented. Then there can also + be an optimized version, perhaps per-platform, which is as fast as + the original Goldilocks code but hopefully still simpler. + + I'm experimenting with SHAKE as the hash function here. Possibly I + will also add Keyak as an encryption primitive, so that everything + can be based on Keccak-f, but I'm open to suggestions. For example, + if there's a way to make BLAKE2 as simple and useful as SHAKE + (including in oversized curves like E-521), then the extra speed + would certainly be welcome. + October 27, 2014: Added more support for >512-bit primes. Changed shared secret to not overflow the buffer in this case. Changed hashing to