X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/9c1437f372e62f0b3b3a7162aabee73bdc96ce4b..HEAD:/pub/x25519.h

diff --git a/pub/x25519.h b/pub/x25519.h
index 56008df3..192f8db0 100644
--- a/pub/x25519.h
+++ b/pub/x25519.h
@@ -41,6 +41,17 @@
  * Since then, the name `Curve25519' has shifted somewhat, to refer to the
  * specific elliptic curve used, and the x-coordinate Diffie--Hellman
  * operation is now named `X25519'.
+ *
+ * The @x25519@ function essentially performs incompatible cofactor
+ * multiplication on the elliptic curve %$E(k)$% containing points %$(x, y)$%
+ * in %$\proj^2(k)$% satisfying the Montgomery-form equation
+ *
+ *	%$y^3 = x^3 + 486662 x^2 + x$% ,
+ *
+ * where $k = \gf{p}$, with $p = 2^{255} - 19$%.  The curve has
+ * %$n = (p + 1) + 221938542218978828286815502327069187962$% points; this is
+ * eight times a prime %$\ell$%.  The points with %$x$%-coordinate 9 have
+ * order %$\ell$%.
  */
 
 /*----- Header files ------------------------------------------------------*/