  • Yawning Angel's avatar
    internal/x25519ell2: Initial import · 393aca86
    Yawning Angel authored
    Replace agl's Elligator2 implementation with a different one, that fixes
    the various distinguishers stemming from bugs in the original
    implementation and "The Elligator paper is extremely hard to read".
    All releases prior to this commit are trivially distinguishable with
    simple math, so upgrading is strongly recommended.  The upgrade is fully
    backward-compatible with existing implementations, however the
    non-upgraded side will emit traffic that is trivially distinguishable
    from random.
    Special thanks to Loup Vaillant for his body of work on this primitive,
    and for motivating me to fix it.