X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/8276a9c565bc29afbc6cc120dfde0801c06c2bbd..HEAD:/pub/x448.h

diff --git a/pub/x448.h b/pub/x448.h
index 4561d41a..42c9fb93 100644
--- a/pub/x448.h
+++ b/pub/x448.h
@@ -43,6 +43,18 @@
  * described in Hamburg's paper, since it doesn't involve the `Decaf'
  * cofactor elimination procedure.  Indeed, it looks very much like X25519
  * with Hamburg's curve slotted in in place of Bernstein's.
+ *
+ * The @x448@ function essentially performs incompatible cofactor
+ * multiplication on the elliptic curve %$E(k)$% containing points %$(x, y)$%
+ * in %$\proj^2(k)$% satisfying the Montgomery-form equation
+ *
+ *	%$y^3 = x^3 + 156326 x^2 + x$% ,
+ *
+ * where $k = \gf{p}$, with $p = \phi^2 - \phi - 1$%, where
+ * %$\phi = 2^{224}$%.  The curve has %$n = (p + 1) + {}$%
+ * %$28312320572429821613362531907042076847709625476988141958474579766324$%
+ * points; this is four times a prime %$\ell$%.  The points with
+ * %$x$%-coordinate 5 have order %$\ell$%.
  */
 
 /*----- Header files ------------------------------------------------------*/