Re: pegwit's elliptic curve over GF(2^255)
[Originally posted by drmike]

The new version of pegwit uses GF(2^233) which is a prime field. Smart's
attack made the composite field a dangerous choice. You are correct that
255 is an extension of 15, and that's the problem. The documentation on
the new pegwit hasn't even started because work is continuing on the latest
invocation (version 9, I believe). It's also been changed to use the ONB
representation rather than polynomial. So it's quite a bit different from
the original.
[Originally posted by pc1697]

Dear Sir

I found there is a software called "pegwit" recently,
when I read in the "design.txt" in it.
I found this
> The field is represented as polynomials of degree 17
> with coefficients which are elements of GF(2^15).

Does this equal an "elliptic curve over GF(2^255)"?
Would you mind explaining it to me?

As far as I know:
GF(2^15) = Extension field of GF(2)
GF(2^255) = Extension field of GF(2^15) ??

Re: pegwit's elliptic curve over GF(2^255)
[Originally posted by ]

I'm confused. How is 2^233 a prime number?

I thought I had figured out that the "prime" EC fields were using mod integer
arithmetic F sub p where p is a large prime, and power-of-two fields were
using polynomials and you wrote them F sub (2 super n). Your book never uses
GF notation, though it's in the index.

But now I'm confused again. What's up?

Re: pegwit's elliptic curve over GF(2^255)
[Originally posted by ]

2^233 is allowed for use because Smart's attack won't work. That's
because 233 is prime. You are right that calling that a "prime
field" doesn't make any sense, what I meant was that 233 is prime,
so the field is safe from attack.

I think GF(p^n) and F_p^n are the same thing in different notation. I don't know
where the difference comes from, but the F_p^n notation is from the mathematicians.
It may be that the GF(p^n) notation is from computer science majors.

Another notational difference is that mathematicians write Z/nZ to
indicate a modular field of size n, but CS people write it as Z_n.
For the mathematicians, it means the Ring of integers divided by
an Ideal of all integers multiplied by n. The final object is the
same, but the thought process is quite a bit different.

BTW, thanks for the comment about finding the book at Amazon, that's
good to know it's still available.
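The "composite versus prime extension degree" point in the first and last posts, and pc1697's question about whether degree-17 polynomials over GF(2^15) give GF(2^255), both come down to one structural fact: GF(2^n) contains a proper subfield GF(2^m) exactly when m divides n. The example below is added here and is not pegwit's code, nor from the book or any of the posters. It uses a small polynomial-basis GF(2^n) implementation on toy field sizes (GF(2^4), whose degree 4 = 2*2 is composite, and GF(2^5), whose degree is prime), because the real GF(2^255) and GF(2^233) fields would need reduction polynomials the thread does not give; the two reduction polynomials used are standard irreducibles chosen for illustration. The subfield test is the Frobenius map a -> a^(2^d): its fixed points in GF(2^n) form GF(2^gcd(n,d)), so the fixed-point count is 2^gcd(n,d). The divisor listing shows that 255 = 3*5*17 gives GF(2^255) intermediate subfields including GF(2^15) (which is why GF(2^15)[y] modulo an irreducible of degree 17 is the same field as GF(2^255)), while 233 being prime leaves GF(2^233) with no intermediate subfield at all. Which attack that structure enables is left to the posts; the code only exhibits the structure.

```python
# Added example (not pegwit's code): GF(2^n) polynomial-basis arithmetic and the
# subfield structure that distinguishes composite from prime extension degrees.
from math import gcd

# Irreducible polynomials over GF(2), encoded as integers with bit i = coefficient
# of x^i.  x^4 + x + 1 defines GF(2^4) (4 = 2*2 is composite) and x^5 + x^2 + 1
# defines GF(2^5) (5 is prime).  Both are standard choices used here only as toys.
IRREDUCIBLES = {4: 0b10011, 5: 0b100101}


def gf2n_mul(a, b, n, poly):
    """Multiply a and b in GF(2^n) = GF(2)[x]/(poly) by shift-and-xor with reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:          # degree reached n: subtract (xor) the reduction polynomial
            a ^= poly
    return r


def gf2n_pow(a, e, n, poly):
    """Square-and-multiply exponentiation in GF(2^n)."""
    r = 1
    while e:
        if e & 1:
            r = gf2n_mul(r, a, n, poly)
        a = gf2n_mul(a, a, n, poly)
        e >>= 1
    return r


def frobenius_fixed_points(n, d, poly):
    """Elements a of GF(2^n) with a^(2^d) == a.

    These form GF(2^n) ∩ GF(2^d) = GF(2^gcd(n, d)); the list has 2^gcd(n, d) entries.
    Brute force over all 2^n elements, fine for the toy sizes used here.
    """
    return [a for a in range(1 << n) if gf2n_pow(a, 1 << d, n, poly) == a]


def is_closed_subfield(elems, n, poly):
    """Check that a set of GF(2^n) elements is closed under addition (xor) and multiplication."""
    s = set(elems)
    return all((x ^ y) in s and gf2n_mul(x, y, n, poly) in s for x in s for y in s)


def proper_subfield_degrees(n):
    """Degrees m with 1 < m < n and m | n: GF(2^m) is then a proper intermediate subfield of GF(2^n)."""
    return [m for m in range(2, n) if n % m == 0]


if __name__ == "__main__":
    for n, poly in IRREDUCIBLES.items():
        for d in (1, 2):
            fixed = frobenius_fixed_points(n, d, poly)
            print(f"GF(2^{n}): a^(2^{d}) == a for {len(fixed)} elements "
                  f"(expected 2^gcd({n},{d}) = {2 ** gcd(n, d)}); "
                  f"closed subfield: {is_closed_subfield(fixed, n, poly)}")
    # The thread's two field sizes: 255 = 3*5*17 has intermediate subfields, 233 has none.
    print("proper subfield degrees of GF(2^255):", proper_subfield_degrees(255))
    print("proper subfield degrees of GF(2^233):", proper_subfield_degrees(233))
```

Running the script prints four fixed-point counts (4 and 2 for GF(2^4) with d = 2 and d = 1; 2 and 2 for GF(2^5)) and the divisor lists `[3, 5, 15, 17, 51, 85]` for 255 and `[]` for 233. The brute-force Frobenius scan is only practical for small n; for the real field sizes the divisor listing is the check that matters, since the subfield structure depends on n alone, not on the chosen reduction polynomial or basis (polynomial or ONB).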