Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: Monero vs Boolberry Chess Challenge and CryptoNote technical discussion
by
letsplayagame
on 01/10/2015, 14:20:34 UTC
Quote from: seigen on October 01, 2015, 01:26:54 PM
Quote from: letsplayagame on September 30, 2015, 05:50:34 AM
Quote from: smooth on September 28, 2015, 08:49:38 AM
Quote from: letsplayagame on September 28, 2015, 08:33:05 AM
My single biggest question after reading the entire paper is the how did they choose their elliptic curve constants?  The protocol appears sound; who chose the constants?  Will there be a plan for choosing new constants in the future if needed?

As I understand it the constants were chosen by Daniel J. Bernstein. I think this is noted in the white paper but may have been missed during that initial review when cryptonote suddenly dropped out of the sky.

https://en.wikipedia.org/wiki/EdDSA

I'm not a cryptographer so I may be getting some of this wrong.

Quote
I know that Monero and Boolberry did not create CryptoNote but have improved on it. Any guesses for the reason the CryptoNote creators selected a relatively new cryptographic hash function?
https://en.wikipedia.org/wiki/Secure_Hash_Algorithm

I've not seen any answer to this, though you could try asking on their forum. That can be hit or miss. Some of the people posting there on behalf of "cryptonote" obviously have technical knowledge but others are just clueless.



Daniel Bernstein seems well qualified to make that decision. Maybe he will share his thoughts with us. Is he on bitcointalk?
https://en.wikipedia.org/wiki/Daniel_J._Bernstein

The second question may or may not even matter (I have no reason to assume there is something wrong with the chosen hash function).  Only because of the importance of the decision am I wondering about the selection.  I have not registered on the CryptoNote forums but may do so at some point.

Thank you for your time.


1. The largest prime number closest to the power of two (2^255 – 19) was defined for modular arithmetics speed up. 
2. The order of group 1 (another large number) was obtained when the group order for this curve was calculated.
3. Basepoint for EdDSA corresponds to the basepoint of Curve25519. These curves are birationally equivalent. Curve25519  uses the base point x = 9
4. Coefficient 486662 for Curve25519 (and, respectively, coefficient 121665 for EdDSA) was chosen the same way.

More detailed explanation of each constant choice can be found there: http://cr.yp.to/ecdh/curve25519-20060209.pdf




Thank you for your detailed answer.

I will study the paper you referred me to until I am certain I understand the importance of all of the above. My chess schedule should provide me some flexibility to study more cryptography this week.