* Since then, the name `Curve25519' has shifted somewhat, to refer to the
* specific elliptic curve used, and the x-coordinate Diffie--Hellman
* operation is now named `X25519'.
+ *
+ * The @x25519@ function essentially performs incompatible cofactor
+ * multiplication on the elliptic curve %$E(k)$% containing points %$(x, y)$%
+ * in %$\proj^2(k)$% satisfying the Montgomery-form equation
+ *
+ * %$y^3 = x^3 + 486662 x^2 + x$% ,
+ *
+ * where $k = \gf{p}$, with $p = 2^{255} - 19$%. The curve has
+ * %$n = (p + 1) + 221938542218978828286815502327069187962$% points; this is
+ * eight times a prime %$\ell$%. The points with %$x$%-coordinate 9 have
+ * order %$\ell$%.
*/
/*----- Header files ------------------------------------------------------*/
* described in Hamburg's paper, since it doesn't involve the `Decaf'
* cofactor elimination procedure. Indeed, it looks very much like X25519
* with Hamburg's curve slotted in in place of Bernstein's.
+ *
+ * The @x448@ function essentially performs incompatible cofactor
+ * multiplication on the elliptic curve %$E(k)$% containing points %$(x, y)$%
+ * in %$\proj^2(k)$% satisfying the Montgomery-form equation
+ *
+ * %$y^3 = x^3 + 156326 x^2 + x$% ,
+ *
+ * where $k = \gf{p}$, with $p = \phi^2 - \phi - 1$%, where
+ * %$\phi = 2^{224}$%. The curve has %$n = (p + 1) + {}$%
+ * %$28312320572429821613362531907042076847709625476988141958474579766324$%
+ * points; this is four times a prime %$\ell$%. The points with
+ * %$x$%-coordinate 5 have order %$\ell$%.
*/
/*----- Header files ------------------------------------------------------*/
~mdw / catacomb / commitdiff