From: Mark Watson <watsonm@netflix.com>

Date: Mon, 18 Jul 2016 08:18:39 -0700

Message-ID: <CAEnTvdAX7n1pA5gvaGVRLs_z8cuhQr+5S-A-2gDpyrJDoywm1Q@mail.gmail.com>

To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>

All,

I posed the following question on Issue 39 [1], but I'm forwarding it here in case it was not seen by everyone:

I have a small difficulty in understanding how the operations defined in X9.62 are identical to those defined in RFC6090.

An initial point of confusion is that X9.62 uses additive notation for the group operation of the Elliptic curve group and RFC6090 uses multiplicative notation, but that is not an issue.

X9.62 defines the DH operation as *P = hdQ* and RFC6090 defines it as *secret = (g^k)^j* where:

- *Q* = *(g^k)* = Public Key (an elliptic curve point)
- *d* = *j* = Private Key (an integer)
- *P* = *secret* = the shared secret (an elliptic curve point)

X9.62 defines scalar multiplication of a curve point as "repeated addition", by which I assume it means repeated application of the group operation. Although both specifications go into some detail as to the group operation, with different terms and notation, I'm prepared to believe it's exactly the same operation.

Both specifications then use the x-coordinate of the output.

The *h* term does not appear in the RFC6090 equation. It is the "co-factor" - the ratio of the order of the curve to the order of the curve group.

Can someone explain this difference? (Note that I have a "working draft" copy of X9.62 so there is an outside chance I'm not looking at the exact final text).

Thanks

... Mark

[1] https://github.com/w3c/webcrypto/issues/39

Received on Monday, 18 July 2016 15:19:09 UTC
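The two formulas quoted in the message, *P = hdQ* and *secret = (g^k)^j*, computed side by side as an added example that is not part of the original message or of either specification. The toy curves (y^2 = x^3 + x + 1 over F_23 and y^2 = x^3 + 2x + 2 over F_17), the private keys and all function names are constructed for illustration; the code shows that the two results coincide when h = 1 and differ by the scalar factor h otherwise.

```python
# Added illustration: toy parameters only, far too small for real use.
def ec_add(P, Q, a, p):
    """Group operation on y^2 = x^3 + a*x + b over F_p; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                       # P + (-P), also covers doubling a point with y = 0
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, a, p):
    """Scalar multiplication k*P ("repeated addition"), done by double-and-add."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R

def subgroup_params(a, b, p):
    """Brute-force the curve order N; return (n, h, G) with n prime, N = h*n, G of order n."""
    pts = [(x, y) for x in range(p) for y in range(p)
           if (y * y - (x ** 3 + a * x + b)) % p == 0]
    N = len(pts) + 1                      # affine points plus the point at infinity
    n = max(q for q in range(2, N + 1)
            if N % q == 0 and all(q % r for r in range(2, q)))
    h = N // n                            # the co-factor
    G = next(g for g in (ec_mul(h, P, a, p) for P in pts) if g is not None)
    return n, h, G

def ecdh_both_ways(a, b, p, d_alice, d_bob):
    """Return (h, d*Q, h*d*Q) as seen by Alice, after checking that Bob derives the same points."""
    n, h, G = subgroup_params(a, b, p)
    Q_alice, Q_bob = ec_mul(d_alice, G, a, p), ec_mul(d_bob, G, a, p)
    plain = ec_mul(d_alice, Q_bob, a, p)          # the (g^k)^j form, without h
    cofactor = ec_mul(h * d_alice, Q_bob, a, p)   # the P = hdQ form
    assert plain == ec_mul(d_bob, Q_alice, a, p)
    assert cofactor == ec_mul(h * d_bob, Q_alice, a, p)
    return h, plain, cofactor
```

`ecdh_both_ways(1, 1, 23, 3, 5)` runs on the co-factor 4 curve and `ecdh_both_ways(2, 2, 17, 3, 5)` on the co-factor 1 curve.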
