Please sign in to comment.
Correct bounds in 32-bit code.
The 32-bit code was illustrative of the tricks used in the original curve25519 paper rather than rigorous. However, it has proven quite popular. This change fixes an issue that Robert Ransom found where outputs between 2^255-19 and 2^255-1 weren't correctly reduced in fcontract. This appears to leak a small fraction of a bit of security of private keys. Additionally, the code has been cleaned up to reflect the real-world needs. The ref10 code also exists for 32-bit, generic C but is somewhat slower and objections around the lack of qhasm availibility have been raised.
- Loading branch information...
Oops, something went wrong.