Scott Fluhrer edited untitled.tex
almost 9 years ago
Commit id: b0566045c114e0e651916bede6dd65064ef7c18e
deletions | additions
diff --git a/untitled.tex b/untitled.tex
index 9cb1e72..a61796f 100644
--- a/untitled.tex
+++ b/untitled.tex
...
00 00 00 20 27 27 28 29 29 08 23 23 19 19 11 05 16 04 19 03 03 09 14\
15 11 20 31 13
Note the long string of zero's at the beginning; these are what makes scalar randomization less effective. As one might expect, $rn \approx r2^{252} + r2^{124.4}$, and if $r < 2^{128}$, then bits 251 and below of $k + nr$ will be strongly correlated to the corresponding bits of $k$ (because the bits of $nr$ with nontrivial contributions to those bits of the sum will be zero). Other special form primes don't have quite as striking of a form (I chose Curve25519 because the form of its $n$
makes it is obvious), but they too have long strings of 0's or $b-1$ digits at the beginning, which yields the corresponding weakness.
However, let us consider what happens if we consider a $b$ which is not a power of 2. For example, if we were to take the same $n$ expressed in base $b=48$, we get:
...
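Review bot: In the sentence beginning "As one might expect", the bound $r < 2^{128}$ does not support the claim about "bits 251 and below". With $rn \approx r2^{252} + r2^{124.4}$ as written, the low term extends up to about bit $124.4 + \log_2 r$, so for $r$ near $2^{128}$ it covers essentially the whole range below bit 252. The parenthetical reason (that the contributing bits of $nr$ are zero) only holds for bits between roughly $124.4 + \log_2 r$ and 251. Suggest stating the correlated range in terms of the size of $r$, or giving the smaller bound on $r$ that was intended. Smaller points in the same paragraph: "makes it is obvious" should read "makes it obvious", the line break after "the form of its $n$" splits the parenthetical mid-sentence, and "zero's" / "0's" would read better as "zeros" / "0s" used consistently.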