Skip to content

Curve448 with full coordinates #1306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 23 commits into
base: master
Choose a base branch
from
Open

Curve448 with full coordinates #1306

wants to merge 23 commits into from

Conversation

daxpedda
Copy link
Contributor

@daxpedda daxpedda commented Jul 19, 2025
edited
Loading

This PR implements a set of types for Montgomery points with a full coordinate system and corresponding Curve448 type with a CurveArithmetic implementation. Our current MontgomeryPoint x-coordinate only remains in place for use with X448 and is renamed to MontgomeryXpoint.

For context: the x-only coordinate system can't implement a full set of arithmetic operations because of the missing y-coordinate. While the y-coordinate could be recovered, it is costly and is missing the sign. Some protocols exist that set the sign of the y-coordinate, which is why we have some methods in place for MontgomeryXpoint to do exactly that.

I made sure to add a full set of conversion methods between the new types.

I'm aware that I'm proposing very large changes that has not previously been discussed. I'm happy to take any feedback.
It should be much easier to review than #1291 on account that it can done commit by commit.

Take 2 on #1291.

@daxpedda daxpedda mentioned this pull request Jul 19, 2025
Open
@daxpedda daxpedda mentioned this pull request Jul 19, 2025
Open
@daxpedda daxpedda force-pushed the curve448-4 branch 2 times, most recently from de2134a to 0b1b77b Compare July 19, 2025 12:44
@daxpedda daxpedda mentioned this pull request Jul 19, 2025
Open
baloo
baloo reviewed Jul 20, 2025
View reviewed changes
@daxpedda daxpedda requested a review from tarcieri July 20, 2025 10:41
@carloskiki
Copy link
Contributor

Do you have any protocol in mind where this would be used?

@daxpedda
Copy link
Contributor Author

daxpedda commented Jul 20, 2025
edited
Loading

Yes, I am planning on using it with OPRF inside OPAQUE.

baloo
baloo reviewed Jul 20, 2025
View reviewed changes
@baloo baloo mentioned this pull request Jul 20, 2025
Draft
tarcieri
tarcieri reviewed Jul 21, 2025
View reviewed changes
tarcieri
tarcieri reviewed Jul 21, 2025
View reviewed changes
@daxpedda daxpedda requested a review from tarcieri July 26, 2025 12:59
@daxpedda daxpedda force-pushed the curve448-4 branch 2 times, most recently from dce0a03 to ce00799 Compare July 30, 2025 09:56
daxpedda
daxpedda commented Aug 2, 2025
View reviewed changes
@daxpedda daxpedda force-pushed the curve448-4 branch 2 times, most recently from 227d8d8 to 44f8c53 Compare August 3, 2025 01:07
@daxpedda daxpedda mentioned this pull request Aug 3, 2025
Open
46 tasks
daxpedda added 17 commits August 3, 2025 18:46
@daxpedda
Add ProjectiveMontgomeryXpoint::GENERATOR
c6b22d3
@daxpedda
Document source of montgomery::differential_add_and_double
c57407d
@daxpedda
Expose Montgomery ladder with additional output internally
52fa4e4
@daxpedda
Add ProjectiveMontgomeryXpoint::double()
eddcf4a
@daxpedda
Add full-coordinate MontgomeryPoint skeleton
033ab5c
@daxpedda
Drop CurveArithmetic requirement from CurveWithScalar
5d5bd3d
@daxpedda
Add MontgomeryScalar
51f03d7
@daxpedda
Add arithmetic operations to Montgomery
d171bd7
@daxpedda
Add Montgomery <-> Edwards conversions
27f97a3
@daxpedda
Implement CurveArithmetic for Curve448
fce6482
@daxpedda
Implement FromOkm for MontgomeryScalar
c3d3212
@daxpedda
Implement hash2curve for Curve448
4306725
@daxpedda
Add hash2curve to ProjectiveMontgomeryXpoint
705d717
@daxpedda
Test Montgomery -> Edwards through hash2curve
bc51594
@daxpedda
Rename MontgomeryPoint fields from x|y to U|V
15beab8
@daxpedda
Rename MontgomeryPoint to AffineMontgomeryPoint
247f5e9
@daxpedda
Not every full-coordinate Montgomery point is valid
874805c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarcieri tarcieri Awaiting requested review from tarcieri

1 more reviewer

@baloo baloo baloo left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@daxpedda @carloskiki @tarcieri @baloo