Open
Description
As part of #384 and #528, the group/-directory has been cleaned up for the v4 release.
Paraphrasing @ineiti in #384 :
#384 was triggered by a question that came up with ByzGen about our use of Curve25519. This curve can be represented in two different ways:
- Twisted Edward Curve: https://tools.ietf.org/html/rfc8032
- Montgomery Curve: https://tools.ietf.org/html/rfc7748
The two representations are isogenic, which means that you can get from one representation to the other with a change of coordinates.
The two (three) curve25519 implementation in kyber are as follows:
Ed25519ingroup/ed25519is either constant-time, or variable-time, Twisted Edwards Curve implementationVariable Ed25519ingroup/var_ed25519is a variable-time, Twisted Edwards Curve implementation
As of 2019, it seems that a consensus is materializing, where Edwards25519 refers to the Twisted Edwards representation, while Curve25519 refers to the Montgomery representation.
➡️ We should add a Montgomery representation of Curve25519 to the repo and call it Curve25519