Scott Fluhrer edited untitled.tex
almost 9 years ago
Commit id: 6617a28851fd930eeada58dfae5de4710b147431
diff --git a/untitled.tex b/untitled.tex
index 81734ed..acd62fa 100644
--- a/untitled.tex
+++ b/untitled.tex
...
However, for special form primes, this turns out not to work. The order of the curve is always within the Hasse Interval; that is, we have:
$$p + 1 - 2\sqrt{p} < hn < p + 1 + 2\sqrt{p}$$
where $h$ is the cofactor of the curve, and is usually a small power of 2. What this implies is that $n \approx p/h$, and if the upper bits of $p$ have a sparse structure, then the upper bits of $n$ will also have a sparse structure. In other words, if $r < \sqrt{p}$, then some of the bits of
$rh+k$ $rn+k$ will be strongly correlated to
be some bits of $k$, and hence this
supposed blinding operation does leak some information about $k$. This would appear to imply that primes with special structure would require significantly larger $r$ values than random
primes (and primes. And because the time taken to do a point multiplication is proportional to the length of the integer being multiplied, this would appear to imply that primes with special structure can be slower than random primes when implemented on
hardware). hardware.
\section{Scalar randomization with fields with special structure}
- Radix arithemetic
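Review bot: The correlation claim in the middle of this hunk ("if $r < \sqrt{p}$, then some of the bits of $rn+k$ will be strongly correlated to ... some bits of $k$") is asserted without the step that links it to the Hasse interval above it; spell that step out so the reader can check the $\sqrt{p}$ threshold. From the displayed inequality, $hn$ lies within $2\sqrt{p}$ of $p + 1$, so $n = (p+1)/h + \epsilon$ with $|\epsilon| < 2\sqrt{p}/h$, which means the bits of $n$ above roughly the halfway point are exactly those of $p/h$; for a special-form $p$ those high bits are sparse, so for an $r$ of fewer than half the bits of $p$ the product $rn$ has a predictable high part and a low part that does not spread over the whole width of $k$, which is what leaves bits of $k$ visible in $rn + k$. Stating it this way also makes it clear why the fix from $rh+k$ to $rn+k$ is the right one: the blinding term has to be a multiple of the group order $n$, not of the cofactor $h$. Two smaller points: "correlated to be some bits of $k$" has a stray "be", and the new heading line "Radix arithemetic" should read "Radix arithmetic".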