summaryrefslogtreecommitdiffstats
path: root/src/crypto/cipher/aes128_ctr
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2015-01-09 17:31:10 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2015-01-09 17:31:10 +0100
commit68462604fa5441c692f9442f70ea30ac69252ae4 (patch)
tree91fb961143a4981e9ff1a0dbd375c1740e318a5c /src/crypto/cipher/aes128_ctr
parent7286aff2c39a52ab9a92a815dd54d21dd7ed6871 (diff)
downloadfastd-68462604fa5441c692f9442f70ea30ac69252ae4.tar
fastd-68462604fa5441c692f9442f70ea30ac69252ae4.zip
ec25519-fhmqvc: optimize handshake by using embedded group element verification
Using the embedded group element verification allows us to get away without explicit verification, thus needing one scalar multiplication less. This reduces the number of expensive operations needed for a handshake to three: one Galois field square root (for key unpacking) and two scalar multiplications. For this optimization to be secure, private keys must be divisible by 8. This is the case for all keys generated with all but extremely old versions of fastd (pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse to start now.
Diffstat (limited to 'src/crypto/cipher/aes128_ctr')
0 files changed, 0 insertions, 0 deletions