With curve25519, the scalar multiplication function: (x, y) -> n * (x, y) = (x', y') -> x' has the property that for valid points on the extended curve (degree two extension of F(p) that gives a y for every x in F(p)), x' depends only on x, and can be effectively computed from x alone, and this can be done for all x in F(p) since all "x" values are either on the curve or its "twist". Therefore, the X25519 key agreement protocol only uses the x-coordinate. IIRC, Ed25519 signatures do require a y-coordinate sign, and so the signature representation is not x-only. > On Sep 4, 2018, at 10:24 AM, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote: > > My source is Dr. Lange at the IETF meeting in Toronto when the IETF selected EC25519. > > A curve point needs an x and a y. But do you need the y for the computation. Do you only need its sign? I don't know. I am not a mathematician. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
