Hi, I've been looking into ECC addition/multiplication. I looked at how pybitcointools implements it https://github.com/vbuterin/pybitcointools/blob... It uses Jacobian multiplication whereas earlier versions of it used Jordan multiplication. Now, I don't understand either what Jacobian or what Jordan does. Looked online, only found some theorems, no easy to understand info. Does anyone know what Jacobian/Jordan does?
I'm researching this to see if it is possible to use tlsnotary with ecdhe using some sort of paillier for ECC math.
waxwing
dansmith_btc: i remember asking about it when i was looking into the CT code, the high level answer i got was that it was a change of coordinates to improve performance
but, if you're looking into how DH could be done with some kind of homomorphism so as to split, i don't know, but one thing i remember is that there is a 3 party DH algorithm
you can also use the secp256k1 code base, it has a bunch of comments, *but* there's a lot of very sophisticated stuff there, a lot of precomputations, coordinate changes as mentioned and also various algebraic tricks and defence against timing sidechannels.
at least it's in C not C++ :)
re: "Paillier-ising" i'm sure there's no direct way, but it's quite suggestive that the encryption algo in Paillier (g^m r^n mod n^2) is quite similar to the structure in a pedersen commitment: xG + rH, in both cases r acting like a random nonce. of course that's commitment not encryption but still, that structure seems to crop up a *lot* in different schemes.
hmm no that's a bit different, isn't it, since it's r^n not, say, h^r where h is some other generator. oh well it was a complete stretch anyway :)
dansmith_btc
waxwing, thanks for the pointers, it helped. So, from your link Jacobian point doubling uses Y^4 which is a show-stopper for paillier cause paillier homomorphism works well only for addition and multiplication by a small number.
waxwing
dansmith_btc: i don't think it should be relevant, it's just a change of coordinates, the maths is the same (i don't actually see y^4 being used tho'?). it's not like you have to use jacobian coords.