--- Day changed Mon Dec 28 2015
06:46 -!- belcher [~user@unaffiliated/belcher] has joined #secp256k1
10:02 -!- Luke-Jr [~luke-jr@unaffiliated/luke-jr] has quit [Quit: Konversation terminated!]
10:03 -!- Luke-Jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
10:49 -!- belcher [~user@unaffiliated/belcher] has quit [Quit: Leaving]
14:33 < andytoshi> this is fun and really well-written: https://eprint.iacr.org/2015/1233
14:34 < andytoshi> and for those curious, it does not affect us (a) because we use the weierstrass form of the curve (well, in jacobi coordinates, which changes things a tiny bit), which has its own class of invalid-point attacks; (b) we check for invalid points wherever it matters
14:35 < sipa> the curve has cofactor 1, so valid points are all points on the curve
14:35 < sipa> eh, the group has cofactor 1
14:35 < andytoshi> oh, that's right
14:35 < sipa> but indeed, we do check curve equation on uncompressed points
14:36 < sipa> and compressed points, if the square root exists, always results in a point on the curve
14:36 < andytoshi> i always forget this and confuse "wrong group" attacks with "wrong curve" attacks since for us these are the same
14:57 < gmaxwell> It's a good paper to keep in mind, e.g. wrt things like detmann's latest mastery.
16:34 -!- belcher [~user@unaffiliated/belcher] has joined #secp256k1
20:14 -!- belcher [~user@unaffiliated/belcher] has quit [Quit: Leaving]
23:13 -!- waxwing [~waxwing@62.205.214.125] has quit [Read error: Connection reset by peer]
23:15 -!- waxwing [~waxwing@62.205.214.125] has joined #secp256k1