rfc9380.html   rfc9380_artwork.html 
skipping to change at line 38 skipping to change at line 38
lxml 4.9.0 lxml 4.9.0
platformdirs 3.8.0 platformdirs 3.8.0
pycountry 22.3.5 pycountry 22.3.5
PyYAML 6.0 PyYAML 6.0
requests 2.28.0 requests 2.28.0
setuptools 44.1.1 setuptools 44.1.1
six 1.16.0 six 1.16.0
wcwidth 0.2.5 wcwidth 0.2.5
weasyprint 56.1 weasyprint 56.1
--> -->
<link href="rfc9380.xml" rel="alternate" type="application/rfc+xml"> <link href="rfc9380_artwork.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license"> <link href="#copyright" rel="license">
<style type="text/css">/* <style type="text/css">/*
NOTE: Changes at the bottom of this file overrides some earlier settings. NOTE: Changes at the bottom of this file overrides some earlier settings.
Once the style has stabilized and has been adopted as an official RFC style, Once the style has stabilized and has been adopted as an official RFC style,
this can be consolidated so that style settings occur only in one place, but this can be consolidated so that style settings occur only in one place, but
for now the contents of this file consists first of the initial CSS work as for now the contents of this file consists first of the initial CSS work as
provided to the RFC Formatter (xml2rfc) work, followed by itemized and provided to the RFC Formatter (xml2rfc) work, followed by itemized and
commented changes found necessary during the development of the v3 commented changes found necessary during the development of the v3
skipping to change at line 3504 skipping to change at line 3504
<h3 id="name-suites-for-nist-p-256"> <h3 id="name-suites-for-nist-p-256">
<a href="#section-8.2" class="section-number selfRef">8.2. </a><a href="#name-su ites-for-nist-p-256" class="section-name selfRef">Suites for NIST P-256</a> <a href="#section-8.2" class="section-number selfRef">8.2. </a><a href="#name-su ites-for-nist-p-256" class="section-name selfRef">Suites for NIST P-256</a>
</h3> </h3>
<p id="section-8.2-1">This section defines ciphersuites for the NIST P-256 ellip tic curve <span>[<a href="#FIPS186-4" class="cite xref">FIPS186-4</a>]</span>.<a href="#section-8.2-1" class="pilcrow">¶</a></p> <p id="section-8.2-1">This section defines ciphersuites for the NIST P-256 ellip tic curve <span>[<a href="#FIPS186-4" class="cite xref">FIPS186-4</a>]</span>.<a href="#section-8.2-1" class="pilcrow">¶</a></p>
<p id="section-8.2-2">P256_XMD:SHA-256_SSWU_RO_ is defined as follows:<a href="# section-8.2-2" class="pilcrow">¶</a></p> <p id="section-8.2-2">P256_XMD:SHA-256_SSWU_RO_ is defined as follows:<a href="# section-8.2-2" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.2-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.2-3.1" cla ss="pilcrow">¶</a> <li class="normal" id="section-8.2-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.2-3.1" cla ss="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.2-3.2"> <li class="normal" id="section-8.2-3.2">
<p id="section-8.2-3.2.1">E: y^2 = x^3 + A * x + B, where<a href="#s ection-8.2-3.2.1" class="pilcrow">¶</a></p> <p id="section-8.2-3.2.1">E: y^2 = x^3 + A * x + B, where<a href="#s ection-8.2-3.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.2-3.2.2">
<li class="normal" id="section-8.2-3.2.2.1">A = -3<a href="#section-8.2-3.2.2.1" <pre>
class="pilcrow">¶</a> - A = -3
</li>
<li class="normal" id="section-8.2-3.2.2.2">B = 0x5ac635d8aa3a93e7 - B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e2
b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b<a href="#section-8.2-3.2.2.2" c 7d2604b
lass="pilcrow">¶</a> </pre><a href="#section-8.2-3.2.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.2-3.3">p: 2^256 - 2^224 + 2^192 + 2^9 6 - 1<a href="#section-8.2-3.3" class="pilcrow">¶</a> <li class="normal" id="section-8.2-3.3">p: 2^256 - 2^224 + 2^192 + 2^9 6 - 1<a href="#section-8.2-3.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.2-3.4">m: 1<a href="#section-8.2-3.4" class="pilcrow">¶</a> <li class="normal" id="section-8.2-3.4">m: 1<a href="#section-8.2-3.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.2-3.5">k: 128<a href="#section-8.2-3. 5" class="pilcrow">¶</a> <li class="normal" id="section-8.2-3.5">k: 128<a href="#section-8.2-3. 5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.2-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.2-3.6" class="pilcrow">¶</a> <li class="normal" id="section-8.2-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.2-3.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.2-3.7">H: SHA-256<a href="#section-8. 2-3.7" class="pilcrow">¶</a> <li class="normal" id="section-8.2-3.7">H: SHA-256<a href="#section-8. 2-3.7" class="pilcrow">¶</a>
skipping to change at line 3548 skipping to change at line 3550
<h3 id="name-suites-for-nist-p-384"> <h3 id="name-suites-for-nist-p-384">
<a href="#section-8.3" class="section-number selfRef">8.3. </a><a href="#name-su ites-for-nist-p-384" class="section-name selfRef">Suites for NIST P-384</a> <a href="#section-8.3" class="section-number selfRef">8.3. </a><a href="#name-su ites-for-nist-p-384" class="section-name selfRef">Suites for NIST P-384</a>
</h3> </h3>
<p id="section-8.3-1">This section defines ciphersuites for the NIST P-384 ellip tic curve <span>[<a href="#FIPS186-4" class="cite xref">FIPS186-4</a>]</span>.<a href="#section-8.3-1" class="pilcrow">¶</a></p> <p id="section-8.3-1">This section defines ciphersuites for the NIST P-384 ellip tic curve <span>[<a href="#FIPS186-4" class="cite xref">FIPS186-4</a>]</span>.<a href="#section-8.3-1" class="pilcrow">¶</a></p>
<p id="section-8.3-2">P384_XMD:SHA-384_SSWU_RO_ is defined as follows:<a href="# section-8.3-2" class="pilcrow">¶</a></p> <p id="section-8.3-2">P384_XMD:SHA-384_SSWU_RO_ is defined as follows:<a href="# section-8.3-2" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.3-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.3-3.1" cla ss="pilcrow">¶</a> <li class="normal" id="section-8.3-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.3-3.1" cla ss="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.3-3.2"> <li class="normal" id="section-8.3-3.2">
<p id="section-8.3-3.2.1">E: y^2 = x^3 + A * x + B, where<a href="#s ection-8.3-3.2.1" class="pilcrow">¶</a></p> <p id="section-8.3-3.2.1">E: y^2 = x^3 + A * x + B, where<a href="#s ection-8.3-3.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.3-3.2.2">
<li class="normal" id="section-8.3-3.2.2.1">A = -3<a href="#section-8.3-3.2.2.1" <pre>
class="pilcrow">¶</a> - A = -3
</li>
<li class="normal" id="section-8.3-3.2.2.2">B = 0xb3312fa7e23ee7e4 - B = 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f
988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef 5013875ac656398d8a2ed19d2a85c8edd3ec2aef</pre><a href="#section-8.3-3.2.2" cl
<a href="#section-8.3-3.2.2.2" class="pilcrow">¶</a> ass="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.3-3.3">p: 2^384 - 2^128 - 2^96 + 2^32 - 1<a href="#section-8.3-3.3" class="pilcrow">¶</a> <li class="normal" id="section-8.3-3.3">p: 2^384 - 2^128 - 2^96 + 2^32 - 1<a href="#section-8.3-3.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.3-3.4">m: 1<a href="#section-8.3-3.4" class="pilcrow">¶</a> <li class="normal" id="section-8.3-3.4">m: 1<a href="#section-8.3-3.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.3-3.5">k: 192<a href="#section-8.3-3. 5" class="pilcrow">¶</a> <li class="normal" id="section-8.3-3.5">k: 192<a href="#section-8.3-3. 5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.3-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.3-3.6" class="pilcrow">¶</a> <li class="normal" id="section-8.3-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.3-3.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.3-3.7">H: SHA-384<a href="#section-8. 3-3.7" class="pilcrow">¶</a> <li class="normal" id="section-8.3-3.7">H: SHA-384<a href="#section-8. 3-3.7" class="pilcrow">¶</a>
skipping to change at line 3592 skipping to change at line 3595
<h3 id="name-suites-for-nist-p-521"> <h3 id="name-suites-for-nist-p-521">
<a href="#section-8.4" class="section-number selfRef">8.4. </a><a href="#name-su ites-for-nist-p-521" class="section-name selfRef">Suites for NIST P-521</a> <a href="#section-8.4" class="section-number selfRef">8.4. </a><a href="#name-su ites-for-nist-p-521" class="section-name selfRef">Suites for NIST P-521</a>
</h3> </h3>
<p id="section-8.4-1">This section defines ciphersuites for the NIST P-521 ellip tic curve <span>[<a href="#FIPS186-4" class="cite xref">FIPS186-4</a>]</span>.<a href="#section-8.4-1" class="pilcrow">¶</a></p> <p id="section-8.4-1">This section defines ciphersuites for the NIST P-521 ellip tic curve <span>[<a href="#FIPS186-4" class="cite xref">FIPS186-4</a>]</span>.<a href="#section-8.4-1" class="pilcrow">¶</a></p>
<p id="section-8.4-2">P521_XMD:SHA-512_SSWU_RO_ is defined as follows:<a href="# section-8.4-2" class="pilcrow">¶</a></p> <p id="section-8.4-2">P521_XMD:SHA-512_SSWU_RO_ is defined as follows:<a href="# section-8.4-2" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.4-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.4-3.1" cla ss="pilcrow">¶</a> <li class="normal" id="section-8.4-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.4-3.1" cla ss="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.4-3.2"> <li class="normal" id="section-8.4-3.2">
<p id="section-8.4-3.2.1">E: y^2 = x^3 + A * x + B, where<a href="#s ection-8.4-3.2.1" class="pilcrow">¶</a></p> <p id="section-8.4-3.2.1">E: y^2 = x^3 + A * x + B, where<a href="#s ection-8.4-3.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.4-3.2.2">
<li class="normal" id="section-8.4-3.2.2.1">A = -3<a href="#section-8.4-3.2.2.1" <pre>
class="pilcrow">¶</a> - A = -3
</li>
<li class="normal" id="section-8.4-3.2.2.2">B = 0x51953eb9618e1c9a - B = 0x51953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489
1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf 918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451
073573df883d2c34f1ef451fd46b503f00<a href="#section-8.4-3.2.2.2" class="pilcrow" fd46b503f00</pre><a href="#section-8.4-3.2.2" class="pilcrow">¶</a>
>¶</a> </div>
</li>
</ul>
</li> </li>
<li class="normal" id="section-8.4-3.3">p: 2^521 - 1<a href="#section- 8.4-3.3" class="pilcrow">¶</a> <li class="normal" id="section-8.4-3.3">p: 2^521 - 1<a href="#section- 8.4-3.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.4-3.4">m: 1<a href="#section-8.4-3.4" class="pilcrow">¶</a> <li class="normal" id="section-8.4-3.4">m: 1<a href="#section-8.4-3.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.4-3.5">k: 256<a href="#section-8.4-3. 5" class="pilcrow">¶</a> <li class="normal" id="section-8.4-3.5">k: 256<a href="#section-8.4-3. 5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.4-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.4-3.6" class="pilcrow">¶</a> <li class="normal" id="section-8.4-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.4-3.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.4-3.7">H: SHA-512<a href="#section-8. 4-3.7" class="pilcrow">¶</a> <li class="normal" id="section-8.4-3.7">H: SHA-512<a href="#section-8. 4-3.7" class="pilcrow">¶</a>
skipping to change at line 3639 skipping to change at line 3644
<p id="section-8.5-1">This section defines ciphersuites for curve25519 and edwar ds25519 <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>]</span>. <p id="section-8.5-1">This section defines ciphersuites for curve25519 and edwar ds25519 <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>]</span>.
Note that these ciphersuites <span class="bcp14">MUST NOT</span> be used when ha shing to ristretto255 Note that these ciphersuites <span class="bcp14">MUST NOT</span> be used when ha shing to ristretto255
<span>[<a href="#I-D.irtf-cfrg-ristretto255-decaf448" class="cite xref">ristrett o255-decaf448</a>]</span>. <span>[<a href="#I-D.irtf-cfrg-ristretto255-decaf448" class="cite xref">ristrett o255-decaf448</a>]</span>.
See <a href="#appx-ristretto255" class="auto internal xref">Appendix B</a> for i nformation on how to hash to that group.<a href="#section-8.5-1" class="pilcrow" >¶</a></p> See <a href="#appx-ristretto255" class="auto internal xref">Appendix B</a> for i nformation on how to hash to that group.<a href="#section-8.5-1" class="pilcrow" >¶</a></p>
<p id="section-8.5-2">curve25519_XMD:SHA-512_ELL2_RO_ is defined as follows:<a h ref="#section-8.5-2" class="pilcrow">¶</a></p> <p id="section-8.5-2">curve25519_XMD:SHA-512_ELL2_RO_ is defined as follows:<a h ref="#section-8.5-2" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.5-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.5-3.1" cla ss="pilcrow">¶</a> <li class="normal" id="section-8.5-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.5-3.1" cla ss="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-3.2"> <li class="normal" id="section-8.5-3.2">
<p id="section-8.5-3.2.1">E: K * t^2 = s^3 + J * s^2 + s, where<a hr ef="#section-8.5-3.2.1" class="pilcrow">¶</a></p> <p id="section-8.5-3.2.1">E: K * t^2 = s^3 + J * s^2 + s, where<a hr ef="#section-8.5-3.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.5-3.2.2">
<li class="normal" id="section-8.5-3.2.2.1">J = 486662<a href="#section-8.5-3.2. <pre>
2.1" class="pilcrow">¶</a> - J = 486662
</li>
<li class="normal" id="section-8.5-3.2.2.2">K = 1<a href="#section - K = 1
-8.5-3.2.2.2" class="pilcrow">¶</a> </pre><a href="#section-8.5-3.2.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.5-3.3">p: 2^255 - 19<a href="#section -8.5-3.3" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.3">p: 2^255 - 19<a href="#section -8.5-3.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-3.4">m: 1<a href="#section-8.5-3.4" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.4">m: 1<a href="#section-8.5-3.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-3.5">k: 128<a href="#section-8.5-3. 5" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.5">k: 128<a href="#section-8.5-3. 5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.5-3.6" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.6">expand_message: expand_message _xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5.3.1 </a>)<a href="#section-8.5-3.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-3.7">H: SHA-512<a href="#section-8. 5-3.7" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.7">H: SHA-512<a href="#section-8. 5-3.7" class="pilcrow">¶</a>
skipping to change at line 3670 skipping to change at line 3676
<li class="normal" id="section-8.5-3.10">Z: 2<a href="#section-8.5-3.1 0" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.10">Z: 2<a href="#section-8.5-3.1 0" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-3.11">h_eff: 8<a href="#section-8.5 -3.11" class="pilcrow">¶</a> <li class="normal" id="section-8.5-3.11">h_eff: 8<a href="#section-8.5 -3.11" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.5-4">edwards25519_XMD:SHA-512_ELL2_RO_ is identical to curve255 19_XMD:SHA-512_ELL2_RO_, <p id="section-8.5-4">edwards25519_XMD:SHA-512_ELL2_RO_ is identical to curve255 19_XMD:SHA-512_ELL2_RO_,
except for the following parameters:<a href="#section-8.5-4" class="pilcrow">¶</ a></p> except for the following parameters:<a href="#section-8.5-4" class="pilcrow">¶</ a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.5-5.1"> <li class="normal" id="section-8.5-5.1">
<p id="section-8.5-5.1.1">E: a * v^2 + w^2 = 1 + d * v^2 * w^2, wher e<a href="#section-8.5-5.1.1" class="pilcrow">¶</a></p> <p id="section-8.5-5.1.1">E: a * v^2 + w^2 = 1 + d * v^2 * w^2, wher e<a href="#section-8.5-5.1.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.5-5.1.2">
<li class="normal" id="section-8.5-5.1.2.1">a = -1<a href="#section-8.5-5.1.2.1" <pre>
class="pilcrow">¶</a> - a = -1
</li>
<li class="normal" id="section-8.5-5.1.2.2">d = 0x52036cee2b6ffe73 - d = 0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca1
8cc740797779e89800700a4d4141d8ab75eb4dca135978a3<a href="#section-8.5-5.1.2.2" c 35978a3
lass="pilcrow">¶</a> </pre><a href="#section-8.5-5.1.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.5-5.2">f: Twisted Edwards Elligator 2 method (<a href="#ell2edwards" class="auto internal xref">Section 6.8.2</a>)<a href="#section-8.5-5.2" class="pilcrow">¶</a> <li class="normal" id="section-8.5-5.2">f: Twisted Edwards Elligator 2 method (<a href="#ell2edwards" class="auto internal xref">Section 6.8.2</a>)<a href="#section-8.5-5.2" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-5.3">M: curve25519, defined in <spa n>[<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href="https://www.rfc-e ditor.org/rfc/rfc7748#section-4.1" class="relref">Section 4.1</a></span><a href= "#section-8.5-5.3" class="pilcrow">¶</a> <li class="normal" id="section-8.5-5.3">M: curve25519, defined in <spa n>[<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href="https://www.rfc-e ditor.org/rfc/rfc7748#section-4.1" class="relref">Section 4.1</a></span><a href= "#section-8.5-5.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.5-5.4">rational_map: the birational m aps defined in <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href ="https://www.rfc-editor.org/rfc/rfc7748#section-4.1" class="relref">Section 4.1 </a></span><a href="#section-8.5-5.4" class="pilcrow">¶</a> <li class="normal" id="section-8.5-5.4">rational_map: the birational m aps defined in <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href ="https://www.rfc-editor.org/rfc/rfc7748#section-4.1" class="relref">Section 4.1 </a></span><a href="#section-8.5-5.4" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.5-6">curve25519_XMD:SHA-512_ELL2_NU_ is identical to curve25519 _XMD:SHA-512_ELL2_RO_, <p id="section-8.5-6">curve25519_XMD:SHA-512_ELL2_NU_ is identical to curve25519 _XMD:SHA-512_ELL2_RO_,
except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.5-6" class="pilcrow">¶</a></p > except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.5-6" class="pilcrow">¶</a></p >
skipping to change at line 3707 skipping to change at line 3715
<p id="section-8.6-1">This section defines ciphersuites for curve448 and edwards 448 <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>]</span>. <p id="section-8.6-1">This section defines ciphersuites for curve448 and edwards 448 <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>]</span>.
Note that these ciphersuites <span class="bcp14">MUST NOT</span> be used when ha shing to decaf448 Note that these ciphersuites <span class="bcp14">MUST NOT</span> be used when ha shing to decaf448
<span>[<a href="#I-D.irtf-cfrg-ristretto255-decaf448" class="cite xref">ristrett o255-decaf448</a>]</span>. <span>[<a href="#I-D.irtf-cfrg-ristretto255-decaf448" class="cite xref">ristrett o255-decaf448</a>]</span>.
See <a href="#appx-decaf448" class="auto internal xref">Appendix C</a> for infor mation on how to hash to that group.<a href="#section-8.6-1" class="pilcrow">¶</ a></p> See <a href="#appx-decaf448" class="auto internal xref">Appendix C</a> for infor mation on how to hash to that group.<a href="#section-8.6-1" class="pilcrow">¶</ a></p>
<p id="section-8.6-2">curve448_XOF:SHAKE256_ELL2_RO_ is defined as follows:<a hr ef="#section-8.6-2" class="pilcrow">¶</a></p> <p id="section-8.6-2">curve448_XOF:SHAKE256_ELL2_RO_ is defined as follows:<a hr ef="#section-8.6-2" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.6-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.6-3.1" cla ss="pilcrow">¶</a> <li class="normal" id="section-8.6-3.1">encoding type: hash_to_curve (<a href="# roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.6-3.1" cla ss="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-3.2"> <li class="normal" id="section-8.6-3.2">
<p id="section-8.6-3.2.1">E: K * t^2 = s^3 + J * s^2 + s, where<a hr ef="#section-8.6-3.2.1" class="pilcrow">¶</a></p> <p id="section-8.6-3.2.1">E: K * t^2 = s^3 + J * s^2 + s, where<a hr ef="#section-8.6-3.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.6-3.2.2">
<li class="normal" id="section-8.6-3.2.2.1">J = 156326<a href="#section-8.6-3.2. <pre>
2.1" class="pilcrow">¶</a> - J = 156326
</li>
<li class="normal" id="section-8.6-3.2.2.2">K = 1<a href="#section - K = 1
-8.6-3.2.2.2" class="pilcrow">¶</a> </pre><a href="#section-8.6-3.2.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.6-3.3">p: 2^448 - 2^224 - 1<a href="# section-8.6-3.3" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.3">p: 2^448 - 2^224 - 1<a href="# section-8.6-3.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-3.4">m: 1<a href="#section-8.6-3.4" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.4">m: 1<a href="#section-8.6-3.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-3.5">k: 224<a href="#section-8.6-3. 5" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.5">k: 224<a href="#section-8.6-3. 5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-3.6">expand_message: expand_message _xof (<a href="#hashtofield-expand-xof" class="auto internal xref">Section 5.3.2 </a>)<a href="#section-8.6-3.6" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.6">expand_message: expand_message _xof (<a href="#hashtofield-expand-xof" class="auto internal xref">Section 5.3.2 </a>)<a href="#section-8.6-3.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-3.7">H: SHAKE256<a href="#section-8 .6-3.7" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.7">H: SHAKE256<a href="#section-8 .6-3.7" class="pilcrow">¶</a>
skipping to change at line 3738 skipping to change at line 3747
<li class="normal" id="section-8.6-3.10">Z: -1<a href="#section-8.6-3. 10" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.10">Z: -1<a href="#section-8.6-3. 10" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-3.11">h_eff: 4<a href="#section-8.6 -3.11" class="pilcrow">¶</a> <li class="normal" id="section-8.6-3.11">h_eff: 4<a href="#section-8.6 -3.11" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.6-4">edwards448_XOF:SHAKE256_ELL2_RO_ is identical to curve448_ XOF:SHAKE256_ELL2_RO_, <p id="section-8.6-4">edwards448_XOF:SHAKE256_ELL2_RO_ is identical to curve448_ XOF:SHAKE256_ELL2_RO_,
except for the following parameters:<a href="#section-8.6-4" class="pilcrow">¶</ a></p> except for the following parameters:<a href="#section-8.6-4" class="pilcrow">¶</ a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.6-5.1"> <li class="normal" id="section-8.6-5.1">
<p id="section-8.6-5.1.1">E: a * v^2 + w^2 = 1 + d * v^2 * w^2, wher e<a href="#section-8.6-5.1.1" class="pilcrow">¶</a></p> <p id="section-8.6-5.1.1">E: a * v^2 + w^2 = 1 + d * v^2 * w^2, wher e<a href="#section-8.6-5.1.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.6-5.1.2">
<li class="normal" id="section-8.6-5.1.2.1">a = 1<a href="#section-8.6-5.1.2.1" <pre>
class="pilcrow">¶</a> - a = 1
</li>
<li class="normal" id="section-8.6-5.1.2.2">d = -39081<a href="#se - d = -39081
ction-8.6-5.1.2.2" class="pilcrow">¶</a> </pre><a href="#section-8.6-5.1.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.6-5.2">f: Twisted Edwards Elligator 2 method (<a href="#ell2edwards" class="auto internal xref">Section 6.8.2</a>)<a href="#section-8.6-5.2" class="pilcrow">¶</a> <li class="normal" id="section-8.6-5.2">f: Twisted Edwards Elligator 2 method (<a href="#ell2edwards" class="auto internal xref">Section 6.8.2</a>)<a href="#section-8.6-5.2" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-5.3">M: curve448, defined in <span> [<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href="https://www.rfc-edi tor.org/rfc/rfc7748#section-4.2" class="relref">Section 4.2</a></span><a href="# section-8.6-5.3" class="pilcrow">¶</a> <li class="normal" id="section-8.6-5.3">M: curve448, defined in <span> [<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href="https://www.rfc-edi tor.org/rfc/rfc7748#section-4.2" class="relref">Section 4.2</a></span><a href="# section-8.6-5.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.6-5.4">rational_map: the 4-isogeny ma p defined in <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href=" https://www.rfc-editor.org/rfc/rfc7748#section-4.2" class="relref">Section 4.2</ a></span><a href="#section-8.6-5.4" class="pilcrow">¶</a> <li class="normal" id="section-8.6-5.4">rational_map: the 4-isogeny ma p defined in <span>[<a href="#RFC7748" class="cite xref">RFC7748</a>], <a href=" https://www.rfc-editor.org/rfc/rfc7748#section-4.2" class="relref">Section 4.2</ a></span><a href="#section-8.6-5.4" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.6-6">curve448_XOF:SHAKE256_ELL2_NU_ is identical to curve448_XO F:SHAKE256_ELL2_RO_, <p id="section-8.6-6">curve448_XOF:SHAKE256_ELL2_NU_ is identical to curve448_XO F:SHAKE256_ELL2_RO_,
except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.6-6" class="pilcrow">¶</a></p > except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.6-6" class="pilcrow">¶</a></p >
skipping to change at line 3790 skipping to change at line 3800
<li class="normal" id="section-8.7-3.7">H: SHA-256<a href="#section-8. 7-3.7" class="pilcrow">¶</a> <li class="normal" id="section-8.7-3.7">H: SHA-256<a href="#section-8. 7-3.7" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.7-3.8">L: 48<a href="#section-8.7-3.8 " class="pilcrow">¶</a> <li class="normal" id="section-8.7-3.8">L: 48<a href="#section-8.7-3.8 " class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.7-3.9">f: Simplified SWU for AB == 0 (<a href="#simple-swu-AB0" class="auto internal xref">Section 6.6.3</a>)<a href= "#section-8.7-3.9" class="pilcrow">¶</a> <li class="normal" id="section-8.7-3.9">f: Simplified SWU for AB == 0 (<a href="#simple-swu-AB0" class="auto internal xref">Section 6.6.3</a>)<a href= "#section-8.7-3.9" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.7-3.10">Z: -11<a href="#section-8.7-3 .10" class="pilcrow">¶</a> <li class="normal" id="section-8.7-3.10">Z: -11<a href="#section-8.7-3 .10" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.7-3.11"> <li class="normal" id="section-8.7-3.11">
<p id="section-8.7-3.11.1">E': y'^2 = x'^3 + A' * x' + B', where<a h ref="#section-8.7-3.11.1" class="pilcrow">¶</a></p> <p id="section-8.7-3.11.1">E': y'^2 = x'^3 + A' * x' + B', where<a h ref="#section-8.7-3.11.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.7-3.11.2">
<li class="normal" id="section-8.7-3.11.2.1">A': 0x3f8731abdd661adca08a5558f0f5d <pre>
272e953d363cb6f0e5d405447c01a444533<a href="#section-8.7-3.11.2.1" class="pilcro - A': 0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01
w">¶</a> a444533
</li>
<li class="normal" id="section-8.7-3.11.2.2">B': 1771<a href="#sec - B': 1771
tion-8.7-3.11.2.2" class="pilcrow">¶</a> </pre><a href="#section-8.7-3.11.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.7-3.12">iso_map: the 3-isogeny map fr om E' to E given in <a href="#appx-iso-secp256k1" class="auto internal xref">App endix E.1</a><a href="#section-8.7-3.12" class="pilcrow">¶</a> <li class="normal" id="section-8.7-3.12">iso_map: the 3-isogeny map fr om E' to E given in <a href="#appx-iso-secp256k1" class="auto internal xref">App endix E.1</a><a href="#section-8.7-3.12" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.7-3.13">h_eff: 1<a href="#section-8.7 -3.13" class="pilcrow">¶</a> <li class="normal" id="section-8.7-3.13">h_eff: 1<a href="#section-8.7 -3.13" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.7-4">secp256k1_XMD:SHA-256_SSWU_NU_ is identical to secp256k1_X MD:SHA-256_SSWU_RO_, <p id="section-8.7-4">secp256k1_XMD:SHA-256_SSWU_NU_ is identical to secp256k1_X MD:SHA-256_SSWU_RO_,
except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.7-4" class="pilcrow">¶</a></p > except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.7-4" class="pilcrow">¶</a></p >
<p id="section-8.7-5">An optimized example implementation of the Simplified SWU mapping <p id="section-8.7-5">An optimized example implementation of the Simplified SWU mapping
to the curve E' isogenous to secp256k1 is given in <a href="#straightline-sswu" class="auto internal xref">Appendix F.2</a>.<a href="#section-8.7-5" class="pilc row">¶</a></p> to the curve E' isogenous to secp256k1 is given in <a href="#straightline-sswu" class="auto internal xref">Appendix F.2</a>.<a href="#section-8.7-5" class="pilc row">¶</a></p>
skipping to change at line 3826 skipping to change at line 3838
<section id="section-8.8.1"> <section id="section-8.8.1">
<h4 id="name-bls12-381-g1"> <h4 id="name-bls12-381-g1">
<a href="#section-8.8.1" class="section-number selfRef">8.8.1. </a><a href="#nam e-bls12-381-g1" class="section-name selfRef">BLS12-381 G1</a> <a href="#section-8.8.1" class="section-number selfRef">8.8.1. </a><a href="#nam e-bls12-381-g1" class="section-name selfRef">BLS12-381 G1</a>
</h4> </h4>
<p id="section-8.8.1-1">BLS12381G1_XMD:SHA-256_SSWU_RO_ is defined as follows:<a href="#section-8.8.1-1" class="pilcrow">¶</a></p> <p id="section-8.8.1-1">BLS12381G1_XMD:SHA-256_SSWU_RO_ is defined as follows:<a href="#section-8.8.1-1" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.8.1-2.1">encoding type: hash_to_curve (<a href= "#roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.8.1-2.1" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.1">encoding type: hash_to_curve (<a href= "#roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.8.1-2.1" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.2">E: y^2 = x^3 + 4<a href="# section-8.8.1-2.2" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.2">E: y^2 = x^3 + 4<a href="# section-8.8.1-2.2" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.3">p: 0x1a0111ea397fe69a4b1ba 7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab<a hr ef="#section-8.8.1-2.3" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.3">p: 0x1a0111ea397fe69a4b1ba 7b6434bacd764774b84f38512bf6730d2a0f6b0f​6241eabfffeb153ffffb9feffffffffaaab<a h ref="#section-8.8.1-2.3" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.4">m: 1<a href="#section-8.8. 1-2.4" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.4">m: 1<a href="#section-8.8. 1-2.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.5">k: 128<a href="#section-8. 8.1-2.5" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.5">k: 128<a href="#section-8. 8.1-2.5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.6">expand_message: expand_mes sage_xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5 .3.1</a>)<a href="#section-8.8.1-2.6" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.6">expand_message: expand_mes sage_xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5 .3.1</a>)<a href="#section-8.8.1-2.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.7">H: SHA-256<a href="#sectio n-8.8.1-2.7" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.7">H: SHA-256<a href="#sectio n-8.8.1-2.7" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.8">L: 64<a href="#section-8.8 .1-2.8" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.8">L: 64<a href="#section-8.8 .1-2.8" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.9">f: Simplified SWU for AB = = 0 (<a href="#simple-swu-AB0" class="auto internal xref">Section 6.6.3</a>)<a h ref="#section-8.8.1-2.9" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.9">f: Simplified SWU for AB = = 0 (<a href="#simple-swu-AB0" class="auto internal xref">Section 6.6.3</a>)<a h ref="#section-8.8.1-2.9" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.10">Z: 11<a href="#section-8. 8.1-2.10" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.10">Z: 11<a href="#section-8. 8.1-2.10" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.11"> <li class="normal" id="section-8.8.1-2.11">
<p id="section-8.8.1-2.11.1">E': y'^2 = x'^3 + A' * x' + B', where <a href="#section-8.8.1-2.11.1" class="pilcrow">¶</a></p> <p id="section-8.8.1-2.11.1">E': y'^2 = x'^3 + A' * x' + B', where <a href="#section-8.8.1-2.11.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.8.1-2.11.2">
<li class="normal" id="section-8.8.1-2.11.2.1">A' = 0x144698a3b8e9433d693a02c96d <pre>
4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d<a href="#se - A' = 0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aef
ction-8.8.1-2.11.2.1" class="pilcrow">¶</a> d881ac98936f8da0e0f97f5cf428082d584c1d
</li>
<li class="normal" id="section-8.8.1-2.11.2.2">B' = 0x12e2908d11 - B' = 0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14f
688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e cef35ef55a23215a316ceaa5d1cc48e98e172be0
172be0<a href="#section-8.8.1-2.11.2.2" class="pilcrow">¶</a> </pre><a href="#section-8.8.1-2.11.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.8.1-2.12">iso_map: the 11-isogeny m ap from E' to E given in <a href="#appx-iso-bls12381-g1" class="auto internal xr ef">Appendix E.2</a><a href="#section-8.8.1-2.12" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.12">iso_map: the 11-isogeny m ap from E' to E given in <a href="#appx-iso-bls12381-g1" class="auto internal xr ef">Appendix E.2</a><a href="#section-8.8.1-2.12" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.1-2.13">h_eff: 0xd201000000010001 <a href="#section-8.8.1-2.13" class="pilcrow">¶</a> <li class="normal" id="section-8.8.1-2.13">h_eff: 0xd201000000010001 <a href="#section-8.8.1-2.13" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.8.1-3">BLS12381G1_XMD:SHA-256_SSWU_NU_ is identical to BLS12381 G1_XMD:SHA-256_SSWU_RO_, <p id="section-8.8.1-3">BLS12381G1_XMD:SHA-256_SSWU_NU_ is identical to BLS12381 G1_XMD:SHA-256_SSWU_RO_,
except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.8.1-3" class="pilcrow">¶</a>< /p> except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.8.1-3" class="pilcrow">¶</a>< /p>
<p id="section-8.8.1-4">Note that the h_eff values for these suites are chosen f or compatibility <p id="section-8.8.1-4">Note that the h_eff values for these suites are chosen f or compatibility
with the fast cofactor clearing method described by Scott (<span>[<a href="#WB19 " class="cite xref">WB19</a>]</span>, Section 5).<a href="#section-8.8.1-4" clas s="pilcrow">¶</a></p> with the fast cofactor clearing method described by Scott (<span>[<a href="#WB19 " class="cite xref">WB19</a>]</span>, Section 5).<a href="#section-8.8.1-4" clas s="pilcrow">¶</a></p>
skipping to change at line 3877 skipping to change at line 3892
<a href="#section-8.8.2" class="section-number selfRef">8.8.2. </a><a href="#nam e-bls12-381-g2" class="section-name selfRef">BLS12-381 G2</a> <a href="#section-8.8.2" class="section-number selfRef">8.8.2. </a><a href="#nam e-bls12-381-g2" class="section-name selfRef">BLS12-381 G2</a>
</h4> </h4>
<p id="section-8.8.2-1">BLS12381G2_XMD:SHA-256_SSWU_RO_ is defined as follows:<a href="#section-8.8.2-1" class="pilcrow">¶</a></p> <p id="section-8.8.2-1">BLS12381G2_XMD:SHA-256_SSWU_RO_ is defined as follows:<a href="#section-8.8.2-1" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="section-8.8.2-2.1">encoding type: hash_to_curve (<a href= "#roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.8.2-2.1" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.1">encoding type: hash_to_curve (<a href= "#roadmap" class="auto internal xref">Section 3</a>)<a href="#section-8.8.2-2.1" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.2">E: y^2 = x^3 + 4 * (1 + I) <a href="#section-8.8.2-2.2" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.2">E: y^2 = x^3 + 4 * (1 + I) <a href="#section-8.8.2-2.2" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.3"> <li class="normal" id="section-8.8.2-2.3">
<p id="section-8.8.2-2.3.1">base field F is GF(p^m), where<a href= "#section-8.8.2-2.3.1" class="pilcrow">¶</a></p> <p id="section-8.8.2-2.3.1">base field F is GF(p^m), where<a href= "#section-8.8.2-2.3.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.8.2-2.3.2">
<li class="normal" id="section-8.8.2-2.3.2.1">p: 0x1a0111ea397fe69a4b1ba7b6434ba <pre>
cd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab<a href="#sec - p: 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6
tion-8.8.2-2.3.2.1" class="pilcrow">¶</a> b0f6241eabfffeb153ffffb9feffffffffaaab
</li>
<li class="normal" id="section-8.8.2-2.3.2.2">m: 2<a href="#sect - m: 2
ion-8.8.2-2.3.2.2" class="pilcrow">¶</a>
</li> - (1, I) is the basis for F, where I^2 + 1 == 0 in F
<li class="normal" id="section-8.8.2-2.3.2.3">(1, I) is the basi </pre><a href="#section-8.8.2-2.3.2" class="pilcrow">¶</a>
s for F, where I^2 + 1 == 0 in F<a href="#section-8.8.2-2.3.2.3" class="pilcrow" </div>
>¶</a>
</li>
</ul>
</li> </li>
<li class="normal" id="section-8.8.2-2.4">k: 128<a href="#section-8. 8.2-2.4" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.4">k: 128<a href="#section-8. 8.2-2.4" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.5">expand_message: expand_mes sage_xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5 .3.1</a>)<a href="#section-8.8.2-2.5" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.5">expand_message: expand_mes sage_xmd (<a href="#hashtofield-expand-xmd" class="auto internal xref">Section 5 .3.1</a>)<a href="#section-8.8.2-2.5" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.6">H: SHA-256<a href="#sectio n-8.8.2-2.6" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.6">H: SHA-256<a href="#sectio n-8.8.2-2.6" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.7">L: 64<a href="#section-8.8 .2-2.7" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.7">L: 64<a href="#section-8.8 .2-2.7" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.8">f: Simplified SWU for AB = = 0 (<a href="#simple-swu-AB0" class="auto internal xref">Section 6.6.3</a>)<a h ref="#section-8.8.2-2.8" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.8">f: Simplified SWU for AB = = 0 (<a href="#simple-swu-AB0" class="auto internal xref">Section 6.6.3</a>)<a h ref="#section-8.8.2-2.8" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.9">Z: -(2 + I)<a href="#secti on-8.8.2-2.9" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.9">Z: -(2 + I)<a href="#secti on-8.8.2-2.9" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.10"> <li class="normal" id="section-8.8.2-2.10">
<p id="section-8.8.2-2.10.1">E': y'^2 = x'^3 + A' * x' + B', where <a href="#section-8.8.2-2.10.1" class="pilcrow">¶</a></p> <p id="section-8.8.2-2.10.1">E': y'^2 = x'^3 + A' * x' + B', where <a href="#section-8.8.2-2.10.1" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="section-8.8.2-2.10.2">
<li class="normal" id="section-8.8.2-2.10.2.1">A' = 240 * I<a href="#section-8.8 <pre>
.2-2.10.2.1" class="pilcrow">¶</a> - A' = 240 * I
</li>
<li class="normal" id="section-8.8.2-2.10.2.2">B' = 1012 * (1 + - B' = 1012 * (1 + I)
I)<a href="#section-8.8.2-2.10.2.2" class="pilcrow">¶</a> </pre><a href="#section-8.8.2-2.10.2" class="pilcrow">¶</a>
</li> </div>
</ul>
</li> </li>
<li class="normal" id="section-8.8.2-2.11">iso_map: the isogeny map from E' to E given in <a href="#appx-iso-bls12381-g2" class="auto internal xref" >Appendix E.3</a><a href="#section-8.8.2-2.11" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.11">iso_map: the isogeny map from E' to E given in <a href="#appx-iso-bls12381-g2" class="auto internal xref" >Appendix E.3</a><a href="#section-8.8.2-2.11" class="pilcrow">¶</a>
</li> </li>
<li class="normal" id="section-8.8.2-2.12">h_eff: 0xbc69f08f2ee75b35 84c6a0ea91b352888e2a8e9145ad7689986ff031508ffe1329c2f178731db956d82bf015d1212b02 ec0ec69d7477c1ae954cbc06689f6a359894c0adebbf6b4e8020005aaa95551<a href="#section -8.8.2-2.12" class="pilcrow">¶</a> <li class="normal" id="section-8.8.2-2.12">h_eff: 0xbc69f08f2ee75b35 84c6a0ea91b352888e2a8e9145ad7689986ff031​508ffe1329c2f178731db956d82bf015d1212b0 2ec0ec69d7477c1ae954cbc066​89f6a359894c0adebbf6b4e8020005aaa95551<a href="#secti on-8.8.2-2.12" class="pilcrow">¶</a>
</li> </li>
</ul> </ul>
<p id="section-8.8.2-3">BLS12381G2_XMD:SHA-256_SSWU_NU_ is identical to BLS12381 G2_XMD:SHA-256_SSWU_RO_, <p id="section-8.8.2-3">BLS12381G2_XMD:SHA-256_SSWU_NU_ is identical to BLS12381 G2_XMD:SHA-256_SSWU_RO_,
except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.8.2-3" class="pilcrow">¶</a>< /p> except that the encoding type is encode_to_curve (<a href="#roadmap" class="auto internal xref">Section 3</a>).<a href="#section-8.8.2-3" class="pilcrow">¶</a>< /p>
<p id="section-8.8.2-4">Note that the h_eff values for these suites are chosen f or compatibility <p id="section-8.8.2-4">Note that the h_eff values for these suites are chosen f or compatibility
with the fast cofactor clearing method described by with the fast cofactor clearing method described by
Budroni and Pintore (<span>[<a href="#BP17" class="cite xref">BP17</a>]</span>, Section 4.1) and are summarized in <a href="#clear-cofactor-bls12381-g2" class=" auto internal xref">Appendix G.3</a>.<a href="#section-8.8.2-4" class="pilcrow"> ¶</a></p> Budroni and Pintore (<span>[<a href="#BP17" class="cite xref">BP17</a>]</span>, Section 4.1) and are summarized in <a href="#clear-cofactor-bls12381-g2" class=" auto internal xref">Appendix G.3</a>.<a href="#section-8.8.2-4" class="pilcrow"> ¶</a></p>
<p id="section-8.8.2-5">An optimized example implementation of the Simplified SW U mapping <p id="section-8.8.2-5">An optimized example implementation of the Simplified SW U mapping
to the curve E' isogenous to BLS12-381 G2 is given in <a href="#straightline-ssw u" class="auto internal xref">Appendix F.2</a>.<a href="#section-8.8.2-5" class= "pilcrow">¶</a></p> to the curve E' isogenous to BLS12-381 G2 is given in <a href="#straightline-ssw u" class="auto internal xref">Appendix F.2</a>.<a href="#section-8.8.2-5" class= "pilcrow">¶</a></p>
</section> </section>
skipping to change at line 5177 skipping to change at line 5195
<p id="appendix-E.1-3.2.1">y = y' * y_num / y_den, where<a href="#ap pendix-E.1-3.2.1" class="pilcrow">¶</a></p> <p id="appendix-E.1-3.2.1">y = y' * y_num / y_den, where<a href="#ap pendix-E.1-3.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="appendix-E.1-3.2.2.1">y_num = k_(3,3) * x'^3 + k_(3,2) * x'^2 + k_(3,1) * x' + k_(3,0)<a href="#appendix-E.1-3.2.2.1" class="pilcrow">¶</ a> <li class="normal" id="appendix-E.1-3.2.2.1">y_num = k_(3,3) * x'^3 + k_(3,2) * x'^2 + k_(3,1) * x' + k_(3,0)<a href="#appendix-E.1-3.2.2.1" class="pilcrow">¶</ a>
</li> </li>
<li class="normal" id="appendix-E.1-3.2.2.2">y_den = x'^3 + k_(4,2 ) * x'^2 + k_(4,1) * x' + k_(4,0)<a href="#appendix-E.1-3.2.2.2" class="pilcrow" >¶</a> <li class="normal" id="appendix-E.1-3.2.2.2">y_den = x'^3 + k_(4,2 ) * x'^2 + k_(4,1) * x' + k_(4,0)<a href="#appendix-E.1-3.2.2.2" class="pilcrow" >¶</a>
</li> </li>
</ul> </ul>
</li> </li>
</ul> </ul>
<p id="appendix-E.1-4">The constants used to compute x_num are as follows:<a hre f="#appendix-E.1-4" class="pilcrow">¶</a></p> <p id="appendix-E.1-4">The constants used to compute x_num are as follows:<a hre f="#appendix-E.1-4" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.1-5">
<li class="normal" id="appendix-E.1-5.1">k_(1,0) = 0x8e38e38e38e38e38e38e38e38e3 <pre>
8e38e38e38e38e38e38e38e38e38daaaaa8c7<a href="#appendix-E.1-5.1" class="pilcrow" * k_(1,0) =
>¶</a> 0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7
</li>
<li class="normal" id="appendix-E.1-5.2">k_(1,1) = 0x7d3d4c80bc321d5b9 * k_(1,1) =
f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581<a href="#appendix-E.1-5.2" class= 0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581
"pilcrow">¶</a>
</li> * k_(1,2) =
<li class="normal" id="appendix-E.1-5.3">k_(1,2) = 0x534c328d23f234e6e 0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262
2a413deca25caece4506144037c40314ecbd0b53d9dd262<a href="#appendix-E.1-5.3" class
="pilcrow">¶</a> * k_(1,3) =
</li> 0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c
<li class="normal" id="appendix-E.1-5.4">k_(1,3) = 0x8e38e38e38e38e38e </pre><a href="#appendix-E.1-5" class="pilcrow">¶</a>
38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c<a href="#appendix-E.1-5.4" class </div>
="pilcrow">¶</a>
</li>
</ul>
<p id="appendix-E.1-6">The constants used to compute x_den are as follows:<a hre f="#appendix-E.1-6" class="pilcrow">¶</a></p> <p id="appendix-E.1-6">The constants used to compute x_den are as follows:<a hre f="#appendix-E.1-6" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.1-7">
<li class="normal" id="appendix-E.1-7.1">k_(2,0) = 0xd35771193d94918a9ca34ccbb7b <pre>
640dd86cd409542f8487d9fe6b745781eb49b<a href="#appendix-E.1-7.1" class="pilcrow" * k_(2,0) =
>¶</a> 0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b
</li>
<li class="normal" id="appendix-E.1-7.2">k_(2,1) = 0xedadc6f64383dc1df * k_(2,1) =
7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14<a href="#appendix-E.1-7.2" class 0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14
="pilcrow">¶</a> </pre><a href="#appendix-E.1-7" class="pilcrow">¶</a>
</li> </div>
</ul>
<p id="appendix-E.1-8">The constants used to compute y_num are as follows:<a hre f="#appendix-E.1-8" class="pilcrow">¶</a></p> <p id="appendix-E.1-8">The constants used to compute y_num are as follows:<a hre f="#appendix-E.1-8" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.1-9">
<li class="normal" id="appendix-E.1-9.1">k_(3,0) = 0x4bda12f684bda12f684bda12f68 <pre>
4bda12f684bda12f684bda12f684b8e38e23c<a href="#appendix-E.1-9.1" class="pilcrow" * k_(3,0) =
>¶</a> 0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c
</li>
<li class="normal" id="appendix-E.1-9.2">k_(3,1) = 0xc75e0c32d5cb7c0fa * k_(3,1) =
9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3<a href="#appendix-E.1-9.2" class 0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3
="pilcrow">¶</a>
</li> * k_(3,2) =
<li class="normal" id="appendix-E.1-9.3">k_(3,2) = 0x29a6194691f91a737 0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931
15209ef6512e576722830a201be2018a765e85a9ecee931<a href="#appendix-E.1-9.3" class
="pilcrow">¶</a> * k_(3,3) =
</li> 0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84
<li class="normal" id="appendix-E.1-9.4">k_(3,3) = 0x2f684bda12f684bda </pre><a href="#appendix-E.1-9" class="pilcrow">¶</a>
12f684bda12f684bda12f684bda12f684bda12f38e38d84<a href="#appendix-E.1-9.4" class </div>
="pilcrow">¶</a>
</li>
</ul>
<p id="appendix-E.1-10">The constants used to compute y_den are as follows:<a hr ef="#appendix-E.1-10" class="pilcrow">¶</a></p> <p id="appendix-E.1-10">The constants used to compute y_den are as follows:<a hr ef="#appendix-E.1-10" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.1-11">
<li class="normal" id="appendix-E.1-11.1">k_(4,0) = 0xffffffffffffffffffffffffff <pre>
fffffffffffffffffffffffffffffefffff93b<a href="#appendix-E.1-11.1" class="pilcro * k_(4,0) =
w">¶</a> 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b
</li>
<li class="normal" id="appendix-E.1-11.2">k_(4,1) = 0x7a06534bb8bdb49f * k_(4,1) =
d5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573<a href="#appendix-E.1-11.2" cla 0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573
ss="pilcrow">¶</a>
</li> * k_(4,2) =
<li class="normal" id="appendix-E.1-11.3">k_(4,2) = 0x6484aa716545ca2c 0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f
f3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f<a href="#appendix-E.1-11.3" cla </pre><a href="#appendix-E.1-11" class="pilcrow">¶</a>
ss="pilcrow">¶</a> </div>
</li>
</ul>
</section> </section>
</div> </div>
<div id="appx-iso-bls12381-g1"> <div id="appx-iso-bls12381-g1">
<section id="appendix-E.2"> <section id="appendix-E.2">
<h3 id="name-11-isogeny-map-for-bls12-38"> <h3 id="name-11-isogeny-map-for-bls12-38">
<a href="#appendix-E.2" class="section-number selfRef">E.2. </a><a href="#name-1 1-isogeny-map-for-bls12-38" class="section-name selfRef">11-Isogeny Map for BLS1 2-381 G1</a> <a href="#appendix-E.2" class="section-number selfRef">E.2. </a><a href="#name-1 1-isogeny-map-for-bls12-38" class="section-name selfRef">11-Isogeny Map for BLS1 2-381 G1</a>
</h3> </h3>
<p id="appendix-E.2-1">The 11-isogeny map from (x', y') on E' to (x, y) on E is given by the following rational functions:<a href="#appendix-E.2-1" class="pilcr ow">¶</a></p> <p id="appendix-E.2-1">The 11-isogeny map from (x', y') on E' to (x, y) on E is given by the following rational functions:<a href="#appendix-E.2-1" class="pilcr ow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="appendix-E.2-2.1"> <li class="normal" id="appendix-E.2-2.1">
skipping to change at line 5243 skipping to change at line 5278
<p id="appendix-E.2-2.2.1">y = y' * y_num / y_den, where<a href="#ap pendix-E.2-2.2.1" class="pilcrow">¶</a></p> <p id="appendix-E.2-2.2.1">y = y' * y_num / y_den, where<a href="#ap pendix-E.2-2.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="appendix-E.2-2.2.2.1">y_num = k_(3,15) * x'^15 + k_(3,14) * x'^14 + k_(3,13) * x'^13 + ... + k_(3,0)<a href="#appendix-E.2-2.2.2.1" class ="pilcrow">¶</a> <li class="normal" id="appendix-E.2-2.2.2.1">y_num = k_(3,15) * x'^15 + k_(3,14) * x'^14 + k_(3,13) * x'^13 + ... + k_(3,0)<a href="#appendix-E.2-2.2.2.1" class ="pilcrow">¶</a>
</li> </li>
<li class="normal" id="appendix-E.2-2.2.2.2">y_den = x'^15 + k_(4, 14) * x'^14 + k_(4,13) * x'^13 + ... + k_(4,0)<a href="#appendix-E.2-2.2.2.2" cl ass="pilcrow">¶</a> <li class="normal" id="appendix-E.2-2.2.2.2">y_den = x'^15 + k_(4, 14) * x'^14 + k_(4,13) * x'^13 + ... + k_(4,0)<a href="#appendix-E.2-2.2.2.2" cl ass="pilcrow">¶</a>
</li> </li>
</ul> </ul>
</li> </li>
</ul> </ul>
<p id="appendix-E.2-3">The constants used to compute x_num are as follows:<a hre f="#appendix-E.2-3" class="pilcrow">¶</a></p> <p id="appendix-E.2-3">The constants used to compute x_num are as follows:<a hre f="#appendix-E.2-3" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.2-4">
<li class="normal" id="appendix-E.2-4.1">k_(1,0) = 0x11a05f2b1e833340b809101dd99 <pre>
815856b303e88a2d7005ff2627b56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7<a href="#a * k_(1,0) = 0x11a05f2b1e833340b809101dd99815856b303e88a2d7005ff2627b
ppendix-E.2-4.1" class="pilcrow">¶</a> 56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7
</li>
<li class="normal" id="appendix-E.2-4.2">k_(1,1) = 0x17294ed3e943ab2f0 * k_(1,1) = 0x17294ed3e943ab2f0588bab22147a81c7c17e75b2f6a8417f565e3
588bab22147a81c7c17e75b2f6a8417f565e33c70d1e86b4838f2a6f318c356e834eef1b3cb83bb< 3c70d1e86b4838f2a6f318c356e834eef1b3cb83bb
a href="#appendix-E.2-4.2" class="pilcrow">¶</a>
</li> * k_(1,2) = 0xd54005db97678ec1d1048c5d10a9a1bce032473295983e56878e50
<li class="normal" id="appendix-E.2-4.3">k_(1,2) = 0xd54005db97678ec1d 1ec68e25c958c3e3d2a09729fe0179f9dac9edcb0
1048c5d10a9a1bce032473295983e56878e501ec68e25c958c3e3d2a09729fe0179f9dac9edcb0<a
href="#appendix-E.2-4.3" class="pilcrow">¶</a> * k_(1,3) = 0x1778e7166fcc6db74e0609d307e55412d7f5e4656a8dbf25f1b332
</li> 89f1b330835336e25ce3107193c5b388641d9b6861
<li class="normal" id="appendix-E.2-4.4">k_(1,3) = 0x1778e7166fcc6db74
e0609d307e55412d7f5e4656a8dbf25f1b33289f1b330835336e25ce3107193c5b388641d9b6861< * k_(1,4) = 0xe99726a3199f4436642b4b3e4118e5499db995a1257fb3f086eeb6
a href="#appendix-E.2-4.4" class="pilcrow">¶</a> 5982fac18985a286f301e77c451154ce9ac8895d9
</li>
<li class="normal" id="appendix-E.2-4.5">k_(1,4) = 0xe99726a3199f44366 * k_(1,5) = 0x1630c3250d7313ff01d1201bf7a74ab5db3cb17dd952799b9ed3ab
42b4b3e4118e5499db995a1257fb3f086eeb65982fac18985a286f301e77c451154ce9ac8895d9<a 9097e68f90a0870d2dcae73d19cd13c1c66f652983
href="#appendix-E.2-4.5" class="pilcrow">¶</a>
</li> * k_(1,6) = 0xd6ed6553fe44d296a3726c38ae652bfb11586264f0f8ce19008e21
<li class="normal" id="appendix-E.2-4.6">k_(1,5) = 0x1630c3250d7313ff0 8f9c86b2a8da25128c1052ecaddd7f225a139ed84
1d1201bf7a74ab5db3cb17dd952799b9ed3ab9097e68f90a0870d2dcae73d19cd13c1c66f652983<
a href="#appendix-E.2-4.6" class="pilcrow">¶</a> * k_(1,7) = 0x17b81e7701abdbe2e8743884d1117e53356de5ab275b4db1a682c6
</li> 2ef0f2753339b7c8f8c8f475af9ccb5618e3f0c88e
<li class="normal" id="appendix-E.2-4.7">k_(1,6) = 0xd6ed6553fe44d296a
3726c38ae652bfb11586264f0f8ce19008e218f9c86b2a8da25128c1052ecaddd7f225a139ed84<a * k_(1,8) = 0x80d3cf1f9a78fc47b90b33563be990dc43b756ce79f5574a2c596c
href="#appendix-E.2-4.7" class="pilcrow">¶</a> 928c5d1de4fa295f296b74e956d71986a8497e317
</li>
<li class="normal" id="appendix-E.2-4.8">k_(1,7) = 0x17b81e7701abdbe2e * k_(1,9) = 0x169b1f8e1bcfa7c42e0c37515d138f22dd2ecb803a0c5c99676314
8743884d1117e53356de5ab275b4db1a682c62ef0f2753339b7c8f8c8f475af9ccb5618e3f0c88e< baf4bb1b7fa3190b2edc0327797f241067be390c9e
a href="#appendix-E.2-4.8" class="pilcrow">¶</a>
</li> * k_(1,10) = 0x10321da079ce07e272d8ec09d2565b0dfa7dccdde6787f96d50af
<li class="normal" id="appendix-E.2-4.9">k_(1,8) = 0x80d3cf1f9a78fc47b 36003b14866f69b771f8c285decca67df3f1605fb7b
90b33563be990dc43b756ce79f5574a2c596c928c5d1de4fa295f296b74e956d71986a8497e317<a
href="#appendix-E.2-4.9" class="pilcrow">¶</a> * k_(1,11) = 0x6e08c248e260e70bd1e962381edee3d31d79d7e22c837bc23c0bf
</li> 1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229
<li class="normal" id="appendix-E.2-4.10">k_(1,9) = 0x169b1f8e1bcfa7c4 </pre><a href="#appendix-E.2-4" class="pilcrow">¶</a>
2e0c37515d138f22dd2ecb803a0c5c99676314baf4bb1b7fa3190b2edc0327797f241067be390c9e </div>
<a href="#appendix-E.2-4.10" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-4.11">k_(1,10) = 0x10321da079ce07e
272d8ec09d2565b0dfa7dccdde6787f96d50af36003b14866f69b771f8c285decca67df3f1605fb7
b<a href="#appendix-E.2-4.11" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-4.12">k_(1,11) = 0x6e08c248e260e70
bd1e962381edee3d31d79d7e22c837bc23c0bf1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229
<a href="#appendix-E.2-4.12" class="pilcrow">¶</a>
</li>
</ul>
<p id="appendix-E.2-5">The constants used to compute x_den are as follows:<a hre f="#appendix-E.2-5" class="pilcrow">¶</a></p> <p id="appendix-E.2-5">The constants used to compute x_den are as follows:<a hre f="#appendix-E.2-5" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.2-6">
<li class="normal" id="appendix-E.2-6.1">k_(2,0) = 0x8ca8d548cff19ae18b2e62f4bd3 <pre>
fa6f01d5ef4ba35b48ba9c9588617fc8ac62b558d681be343df8993cf9fa40d21b1c<a href="#ap * k_(2,0) = 0x8ca8d548cff19ae18b2e62f4bd3fa6f01d5ef4ba35b48ba9c95886
pendix-E.2-6.1" class="pilcrow">¶</a> 17fc8ac62b558d681be343df8993cf9fa40d21b1c
</li>
<li class="normal" id="appendix-E.2-6.2">k_(2,1) = 0x12561a5deb559c434 * k_(2,1) = 0x12561a5deb559c4348b4711298e536367041e8ca0cf0800c0126c2
8b4711298e536367041e8ca0cf0800c0126c2588c48bf5713daa8846cb026e9e5c8276ec82b3bff< 588c48bf5713daa8846cb026e9e5c8276ec82b3bff
a href="#appendix-E.2-6.2" class="pilcrow">¶</a>
</li> * k_(2,2) = 0xb2962fe57a3225e8137e629bff2991f6f89416f5a718cd1fca64e0
<li class="normal" id="appendix-E.2-6.3">k_(2,2) = 0xb2962fe57a3225e81 0b11aceacd6a3d0967c94fedcfcc239ba5cb83e19
37e629bff2991f6f89416f5a718cd1fca64e00b11aceacd6a3d0967c94fedcfcc239ba5cb83e19<a
href="#appendix-E.2-6.3" class="pilcrow">¶</a> * k_(2,3) = 0x3425581a58ae2fec83aafef7c40eb545b08243f16b1655154cca8a
</li> bc28d6fd04976d5243eecf5c4130de8938dc62cd8
<li class="normal" id="appendix-E.2-6.4">k_(2,3) = 0x3425581a58ae2fec8
3aafef7c40eb545b08243f16b1655154cca8abc28d6fd04976d5243eecf5c4130de8938dc62cd8<a * k_(2,4) = 0x13a8e162022914a80a6f1d5f43e7a07dffdfc759a12062bb8d6b44
href="#appendix-E.2-6.4" class="pilcrow">¶</a> e833b306da9bd29ba81f35781d539d395b3532a21e
</li>
<li class="normal" id="appendix-E.2-6.5">k_(2,4) = 0x13a8e162022914a80 * k_(2,5) = 0xe7355f8e4e667b955390f7f0506c6e9395735e9ce9cad4d0a43bce
a6f1d5f43e7a07dffdfc759a12062bb8d6b44e833b306da9bd29ba81f35781d539d395b3532a21e< f24b8982f7400d24bc4228f11c02df9a29f6304a5
a href="#appendix-E.2-6.5" class="pilcrow">¶</a>
</li> * k_(2,6) = 0x772caacf16936190f3e0c63e0596721570f5799af53a1894e2e073
<li class="normal" id="appendix-E.2-6.6">k_(2,5) = 0xe7355f8e4e667b955 062aede9cea73b3538f0de06cec2574496ee84a3a
390f7f0506c6e9395735e9ce9cad4d0a43bcef24b8982f7400d24bc4228f11c02df9a29f6304a5<a
href="#appendix-E.2-6.6" class="pilcrow">¶</a> * k_(2,7) = 0x14a7ac2a9d64a8b230b3f5b074cf01996e7f63c21bca68a81996e1
</li> cdf9822c580fa5b9489d11e2d311f7d99bbdcc5a5e
<li class="normal" id="appendix-E.2-6.7">k_(2,6) = 0x772caacf16936190f
3e0c63e0596721570f5799af53a1894e2e073062aede9cea73b3538f0de06cec2574496ee84a3a<a * k_(2,8) = 0xa10ecf6ada54f825e920b3dafc7a3cce07f8d1d7161366b74100da
href="#appendix-E.2-6.7" class="pilcrow">¶</a> 67f39883503826692abba43704776ec3a79a1d641
</li>
<li class="normal" id="appendix-E.2-6.8">k_(2,7) = 0x14a7ac2a9d64a8b23 * k_(2,9) = 0x95fc13ab9e92ad4476d6e3eb3a56680f682b4ee96f7d03776df533
0b3f5b074cf01996e7f63c21bca68a81996e1cdf9822c580fa5b9489d11e2d311f7d99bbdcc5a5e< 978f31c1593174e4b4b7865002d6384d168ecdd0a
a href="#appendix-E.2-6.8" class="pilcrow">¶</a> </pre><a href="#appendix-E.2-6" class="pilcrow">¶</a>
</li> </div>
<li class="normal" id="appendix-E.2-6.9">k_(2,8) = 0xa10ecf6ada54f825e
920b3dafc7a3cce07f8d1d7161366b74100da67f39883503826692abba43704776ec3a79a1d641<a
href="#appendix-E.2-6.9" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-6.10">k_(2,9) = 0x95fc13ab9e92ad44
76d6e3eb3a56680f682b4ee96f7d03776df533978f31c1593174e4b4b7865002d6384d168ecdd0a<
a href="#appendix-E.2-6.10" class="pilcrow">¶</a>
</li>
</ul>
<p id="appendix-E.2-7">The constants used to compute y_num are as follows:<a hre f="#appendix-E.2-7" class="pilcrow">¶</a></p> <p id="appendix-E.2-7">The constants used to compute y_num are as follows:<a hre f="#appendix-E.2-7" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.2-8">
<li class="normal" id="appendix-E.2-8.1">k_(3,0) = 0x90d97c81ba24ee0259d1f094980 <pre>
dcfa11ad138e48a869522b52af6c956543d3cd0c7aee9b3ba3c2be9845719707bb33<a href="#ap * k_(3,0) = 0x90d97c81ba24ee0259d1f094980dcfa11ad138e48a869522b52af6
pendix-E.2-8.1" class="pilcrow">¶</a> c956543d3cd0c7aee9b3ba3c2be9845719707bb33
</li>
<li class="normal" id="appendix-E.2-8.2">k_(3,1) = 0x134996a104ee5811d * k_(3,1) = 0x134996a104ee5811d51036d776fb46831223e96c254f383d0f9063
51036d776fb46831223e96c254f383d0f906343eb67ad34d6c56711962fa8bfe097e75a2e41c696< 43eb67ad34d6c56711962fa8bfe097e75a2e41c696
a href="#appendix-E.2-8.2" class="pilcrow">¶</a>
</li> * k_(3,2) = 0xcc786baa966e66f4a384c86a3b49942552e2d658a31ce2c344be4b
<li class="normal" id="appendix-E.2-8.3">k_(3,2) = 0xcc786baa966e66f4a 91400da7d26d521628b00523b8dfe240c72de1f6
384c86a3b49942552e2d658a31ce2c344be4b91400da7d26d521628b00523b8dfe240c72de1f6<a
href="#appendix-E.2-8.3" class="pilcrow">¶</a> * k_(3,3) = 0x1f86376e8981c217898751ad8746757d42aa7b90eeb791c09e4a3e
</li> c03251cf9de405aba9ec61deca6355c77b0e5f4cb
<li class="normal" id="appendix-E.2-8.4">k_(3,3) = 0x1f86376e8981c2178
98751ad8746757d42aa7b90eeb791c09e4a3ec03251cf9de405aba9ec61deca6355c77b0e5f4cb<a * k_(3,4) = 0x8cc03fdefe0ff135caf4fe2a21529c4195536fbe3ce50b879833fd
href="#appendix-E.2-8.4" class="pilcrow">¶</a> 221351adc2ee7f8dc099040a841b6daecf2e8fedb
</li>
<li class="normal" id="appendix-E.2-8.5">k_(3,4) = 0x8cc03fdefe0ff135c * k_(3,5) = 0x16603fca40634b6a2211e11db8f0a6a074a7d0d4afadb7bd76505c
af4fe2a21529c4195536fbe3ce50b879833fd221351adc2ee7f8dc099040a841b6daecf2e8fedb<a 3d3ad5544e203f6326c95a807299b23ab13633a5f0
href="#appendix-E.2-8.5" class="pilcrow">¶</a>
</li> * k_(3,6) = 0x4ab0b9bcfac1bbcb2c977d027796b3ce75bb8ca2be184cb5231413
<li class="normal" id="appendix-E.2-8.6">k_(3,5) = 0x16603fca40634b6a2 c4d634f3747a87ac2460f415ec961f8855fe9d6f2
211e11db8f0a6a074a7d0d4afadb7bd76505c3d3ad5544e203f6326c95a807299b23ab13633a5f0<
a href="#appendix-E.2-8.6" class="pilcrow">¶</a> * k_(3,7) = 0x987c8d5333ab86fde9926bd2ca6c674170a05bfe3bdd81ffd038da
</li> 6c26c842642f64550fedfe935a15e4ca31870fb29
<li class="normal" id="appendix-E.2-8.7">k_(3,6) = 0x4ab0b9bcfac1bbcb2
c977d027796b3ce75bb8ca2be184cb5231413c4d634f3747a87ac2460f415ec961f8855fe9d6f2<a * k_(3,8) = 0x9fc4018bd96684be88c9e221e4da1bb8f3abd16679dc26c1e8b6e6
href="#appendix-E.2-8.7" class="pilcrow">¶</a> a1f20cabe69d65201c78607a360370e577bdba587
</li>
<li class="normal" id="appendix-E.2-8.8">k_(3,7) = 0x987c8d5333ab86fde * k_(3,9) = 0xe1bba7a1186bdb5223abde7ada14a23c42a0ca7915af6fe06985e7
9926bd2ca6c674170a05bfe3bdd81ffd038da6c26c842642f64550fedfe935a15e4ca31870fb29<a ed1e4d43b9b3f7055dd4eba6f2bafaaebca731c30
href="#appendix-E.2-8.8" class="pilcrow">¶</a>
</li> * k_(3,10) = 0x19713e47937cd1be0dfd0b8f1d43fb93cd2fcbcb6caf493fd1183
<li class="normal" id="appendix-E.2-8.9">k_(3,8) = 0x9fc4018bd96684be8 e416389e61031bf3a5cce3fbafce813711ad011c132
8c9e221e4da1bb8f3abd16679dc26c1e8b6e6a1f20cabe69d65201c78607a360370e577bdba587<a
href="#appendix-E.2-8.9" class="pilcrow">¶</a> * k_(3,11) = 0x18b46a908f36f6deb918c143fed2edcc523559b8aaf0c2462e6bf
</li> e7f911f643249d9cdf41b44d606ce07c8a4d0074d8e
<li class="normal" id="appendix-E.2-8.10">k_(3,9) = 0xe1bba7a1186bdb52
23abde7ada14a23c42a0ca7915af6fe06985e7ed1e4d43b9b3f7055dd4eba6f2bafaaebca731c30< * k_(3,12) = 0xb182cac101b9399d155096004f53f447aa7b12a3426b08ec02710
a href="#appendix-E.2-8.10" class="pilcrow">¶</a> e807b4633f06c851c1919211f20d4c04f00b971ef8
</li>
<li class="normal" id="appendix-E.2-8.11">k_(3,10) = 0x19713e47937cd1b * k_(3,13) = 0x245a394ad1eca9b72fc00ae7be315dc757b3b080d4c158013e663
e0dfd0b8f1d43fb93cd2fcbcb6caf493fd1183e416389e61031bf3a5cce3fbafce813711ad011c13 2d3c40659cc6cf90ad1c232a6442d9d3f5db980133
2<a href="#appendix-E.2-8.11" class="pilcrow">¶</a>
</li> * k_(3,14) = 0x5c129645e44cf1102a159f748c4a3fc5e673d81d7e86568d9ab0f
<li class="normal" id="appendix-E.2-8.12">k_(3,11) = 0x18b46a908f36f6d 5d396a7ce46ba1049b6579afb7866b1e715475224b
eb918c143fed2edcc523559b8aaf0c2462e6bfe7f911f643249d9cdf41b44d606ce07c8a4d0074d8
e<a href="#appendix-E.2-8.12" class="pilcrow">¶</a> * k_(3,15) = 0x15e6be4e990f03ce4ea50b3b42df2eb5cb181d8f84965a3957add
</li> 4fa95af01b2b665027efec01c7704b456be69c8b604
<li class="normal" id="appendix-E.2-8.13">k_(3,12) = 0xb182cac101b9399 </pre><a href="#appendix-E.2-8" class="pilcrow">¶</a>
d155096004f53f447aa7b12a3426b08ec02710e807b4633f06c851c1919211f20d4c04f00b971ef8 </div>
<a href="#appendix-E.2-8.13" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-8.14">k_(3,13) = 0x245a394ad1eca9b
72fc00ae7be315dc757b3b080d4c158013e6632d3c40659cc6cf90ad1c232a6442d9d3f5db980133
<a href="#appendix-E.2-8.14" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-8.15">k_(3,14) = 0x5c129645e44cf11
02a159f748c4a3fc5e673d81d7e86568d9ab0f5d396a7ce46ba1049b6579afb7866b1e715475224b
<a href="#appendix-E.2-8.15" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-8.16">k_(3,15) = 0x15e6be4e990f03c
e4ea50b3b42df2eb5cb181d8f84965a3957add4fa95af01b2b665027efec01c7704b456be69c8b60
4<a href="#appendix-E.2-8.16" class="pilcrow">¶</a>
</li>
</ul>
<p id="appendix-E.2-9">The constants used to compute y_den are as follows:<a hre f="#appendix-E.2-9" class="pilcrow">¶</a></p> <p id="appendix-E.2-9">The constants used to compute y_den are as follows:<a hre f="#appendix-E.2-9" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.2-10">
<li class="normal" id="appendix-E.2-10.1">k_(4,0) = 0x16112c4c3a9c98b252181140fa <pre>
d0eae9601a6de578980be6eec3232b5be72e7a07f3688ef60c206d01479253b03663c1<a href="# * k_(4,0) = 0x16112c4c3a9c98b252181140fad0eae9601a6de578980be6eec323
appendix-E.2-10.1" class="pilcrow">¶</a> 2b5be72e7a07f3688ef60c206d01479253b03663c1
</li>
<li class="normal" id="appendix-E.2-10.2">k_(4,1) = 0x1962d75c2381201e * k_(4,1) = 0x1962d75c2381201e1a0cbd6c43c348b885c84ff731c4d59ca4a103
1a0cbd6c43c348b885c84ff731c4d59ca4a10356f453e01f78a4260763529e3532f6102c2e49a03d 56f453e01f78a4260763529e3532f6102c2e49a03d
<a href="#appendix-E.2-10.2" class="pilcrow">¶</a>
</li> * k_(4,2) = 0x58df3306640da276faaae7d6e8eb15778c4855551ae7f310c35a5d
<li class="normal" id="appendix-E.2-10.3">k_(4,2) = 0x58df3306640da276 d279cd2eca6757cd636f96f891e2538b53dbf67f2
faaae7d6e8eb15778c4855551ae7f310c35a5dd279cd2eca6757cd636f96f891e2538b53dbf67f2<
a href="#appendix-E.2-10.3" class="pilcrow">¶</a> * k_(4,3) = 0x16b7d288798e5395f20d23bf89edb4d1d115c5dbddbcd30e123da4
</li> 89e726af41727364f2c28297ada8d26d98445f5416
<li class="normal" id="appendix-E.2-10.4">k_(4,3) = 0x16b7d288798e5395
f20d23bf89edb4d1d115c5dbddbcd30e123da489e726af41727364f2c28297ada8d26d98445f5416 * k_(4,4) = 0xbe0e079545f43e4b00cc912f8228ddcc6d19c9f0f69bbb0542eda0
<a href="#appendix-E.2-10.4" class="pilcrow">¶</a> fc9dec916a20b15dc0fd2ededda39142311a5001d
</li>
<li class="normal" id="appendix-E.2-10.5">k_(4,4) = 0xbe0e079545f43e4b * k_(4,5) = 0x8d9e5297186db2d9fb266eaac783182b70152c65550d881c5ecd87
00cc912f8228ddcc6d19c9f0f69bbb0542eda0fc9dec916a20b15dc0fd2ededda39142311a5001d< b6f0f5a6449f38db9dfa9cce202c6477faaf9b7ac
a href="#appendix-E.2-10.5" class="pilcrow">¶</a>
</li> * k_(4,6) = 0x166007c08a99db2fc3ba8734ace9824b5eecfdfa8d0cf8ef5dd365
<li class="normal" id="appendix-E.2-10.6">k_(4,5) = 0x8d9e5297186db2d9 bc400a0051d5fa9c01a58b1fb93d1a1399126a775c
fb266eaac783182b70152c65550d881c5ecd87b6f0f5a6449f38db9dfa9cce202c6477faaf9b7ac<
a href="#appendix-E.2-10.6" class="pilcrow">¶</a> * k_(4,7) = 0x16a3ef08be3ea7ea03bcddfabba6ff6ee5a4375efa1f4fd7feb34f
</li> d206357132b920f5b00801dee460ee415a15812ed9
<li class="normal" id="appendix-E.2-10.7">k_(4,6) = 0x166007c08a99db2f
c3ba8734ace9824b5eecfdfa8d0cf8ef5dd365bc400a0051d5fa9c01a58b1fb93d1a1399126a775c * k_(4,8) = 0x1866c8ed336c61231a1be54fd1d74cc4f9fb0ce4c6af5920abc575
<a href="#appendix-E.2-10.7" class="pilcrow">¶</a> 0c4bf39b4852cfe2f7bb9248836b233d9d55535d4a
</li>
<li class="normal" id="appendix-E.2-10.8">k_(4,7) = 0x16a3ef08be3ea7ea * k_(4,9) = 0x167a55cda70a6e1cea820597d94a84903216f763e13d87bb530859
03bcddfabba6ff6ee5a4375efa1f4fd7feb34fd206357132b920f5b00801dee460ee415a15812ed9 2e7ea7d4fbc7385ea3d529b35e346ef48bb8913f55
<a href="#appendix-E.2-10.8" class="pilcrow">¶</a>
</li> * k_(4,10) = 0x4d2f259eea405bd48f010a01ad2911d9c6dd039bb61a6290e591b
<li class="normal" id="appendix-E.2-10.9">k_(4,8) = 0x1866c8ed336c6123 36e636a5c871a5c29f4f83060400f8b49cba8f6aa8
1a1be54fd1d74cc4f9fb0ce4c6af5920abc5750c4bf39b4852cfe2f7bb9248836b233d9d55535d4a
<a href="#appendix-E.2-10.9" class="pilcrow">¶</a> * k_(4,11) = 0xaccbb67481d033ff5852c1e48c50c477f94ff8aefce42d28c0f9a
</li> 88cea7913516f968986f7ebbea9684b529e2561092
<li class="normal" id="appendix-E.2-10.10">k_(4,9) = 0x167a55cda70a6e1
cea820597d94a84903216f763e13d87bb5308592e7ea7d4fbc7385ea3d529b35e346ef48bb8913f5 * k_(4,12) = 0xad6b9514c767fe3c3613144b45f1496543346d98adf02267d5cee
5<a href="#appendix-E.2-10.10" class="pilcrow">¶</a> f9a00d9b8693000763e3b90ac11e99b138573345cc
</li>
<li class="normal" id="appendix-E.2-10.11">k_(4,10) = 0x4d2f259eea405b * k_(4,13) = 0x2660400eb2e4f3b628bdd0d53cd76f2bf565b94e72927c1cb748d
d48f010a01ad2911d9c6dd039bb61a6290e591b36e636a5c871a5c29f4f83060400f8b49cba8f6aa f27942480e420517bd8714cc80d1fadc1326ed06f7
8<a href="#appendix-E.2-10.11" class="pilcrow">¶</a>
</li> * k_(4,14) = 0xe0fa1d816ddc03e6b24255e0d7819c171c40f65e273b853324efc
<li class="normal" id="appendix-E.2-10.12">k_(4,11) = 0xaccbb67481d033 d6356caa205ca2f570f13497804415473a1d634b8f
ff5852c1e48c50c477f94ff8aefce42d28c0f9a88cea7913516f968986f7ebbea9684b529e256109 </pre><a href="#appendix-E.2-10" class="pilcrow">¶</a>
2<a href="#appendix-E.2-10.12" class="pilcrow">¶</a> </div>
</li>
<li class="normal" id="appendix-E.2-10.13">k_(4,12) = 0xad6b9514c767fe
3c3613144b45f1496543346d98adf02267d5ceef9a00d9b8693000763e3b90ac11e99b138573345c
c<a href="#appendix-E.2-10.13" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-10.14">k_(4,13) = 0x2660400eb2e4f3
b628bdd0d53cd76f2bf565b94e72927c1cb748df27942480e420517bd8714cc80d1fadc1326ed06f
7<a href="#appendix-E.2-10.14" class="pilcrow">¶</a>
</li>
<li class="normal" id="appendix-E.2-10.15">k_(4,14) = 0xe0fa1d816ddc03
e6b24255e0d7819c171c40f65e273b853324efcd6356caa205ca2f570f13497804415473a1d634b8
f<a href="#appendix-E.2-10.15" class="pilcrow">¶</a>
</li>
</ul>
</section> </section>
</div> </div>
<div id="appx-iso-bls12381-g2"> <div id="appx-iso-bls12381-g2">
<section id="appendix-E.3"> <section id="appendix-E.3">
<h3 id="name-3-isogeny-map-for-bls12-381"> <h3 id="name-3-isogeny-map-for-bls12-381">
<a href="#appendix-E.3" class="section-number selfRef">E.3. </a><a href="#name-3 -isogeny-map-for-bls12-381" class="section-name selfRef">3-Isogeny Map for BLS12 -381 G2</a> <a href="#appendix-E.3" class="section-number selfRef">E.3. </a><a href="#name-3 -isogeny-map-for-bls12-381" class="section-name selfRef">3-Isogeny Map for BLS12 -381 G2</a>
</h3> </h3>
<p id="appendix-E.3-1">The 3-isogeny map from (x', y') on E' to (x, y) on E is g iven by the following rational functions:<a href="#appendix-E.3-1" class="pilcro w">¶</a></p> <p id="appendix-E.3-1">The 3-isogeny map from (x', y') on E' to (x, y) on E is g iven by the following rational functions:<a href="#appendix-E.3-1" class="pilcro w">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="appendix-E.3-2.1"> <li class="normal" id="appendix-E.3-2.1">
skipping to change at line 5389 skipping to change at line 5481
<p id="appendix-E.3-2.2.1">y = y' * y_num / y_den, where<a href="#ap pendix-E.3-2.2.1" class="pilcrow">¶</a></p> <p id="appendix-E.3-2.2.1">y = y' * y_num / y_den, where<a href="#ap pendix-E.3-2.2.1" class="pilcrow">¶</a></p>
<ul class="normal"> <ul class="normal">
<li class="normal" id="appendix-E.3-2.2.2.1">y_num = k_(3,3) * x'^3 + k_(3,2) * x'^2 + k_(3,1) * x' + k_(3,0)<a href="#appendix-E.3-2.2.2.1" class="pilcrow">¶</ a> <li class="normal" id="appendix-E.3-2.2.2.1">y_num = k_(3,3) * x'^3 + k_(3,2) * x'^2 + k_(3,1) * x' + k_(3,0)<a href="#appendix-E.3-2.2.2.1" class="pilcrow">¶</ a>
</li> </li>
<li class="normal" id="appendix-E.3-2.2.2.2">y_den = x'^3 + k_(4,2 ) * x'^2 + k_(4,1) * x' + k_(4,0)<a href="#appendix-E.3-2.2.2.2" class="pilcrow" >¶</a> <li class="normal" id="appendix-E.3-2.2.2.2">y_den = x'^3 + k_(4,2 ) * x'^2 + k_(4,1) * x' + k_(4,0)<a href="#appendix-E.3-2.2.2.2" class="pilcrow" >¶</a>
</li> </li>
</ul> </ul>
</li> </li>
</ul> </ul>
<p id="appendix-E.3-3">The constants used to compute x_num are as follows:<a hre f="#appendix-E.3-3" class="pilcrow">¶</a></p> <p id="appendix-E.3-3">The constants used to compute x_num are as follows:<a hre f="#appendix-E.3-3" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.3-4">
<li class="normal" id="appendix-E.3-4.1">k_(1,0) = 0x5c759507e8e333ebb5b7a9a47d7 <pre>
ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6 + 0x5c75950 * k_(1,0) = 0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b5842
7e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaa 3c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6 + 0x5c759507e8e333ebb5b7
aaaa97d6 * I<a href="#appendix-E.3-4.1" class="pilcrow">¶</a> a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaa
</li> aaaaa97d6 * I
<li class="normal" id="appendix-E.3-4.2">k_(1,1) = 0x11560bf17baa99bc3
2126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71a * k_(1,1) = 0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c
* I<a href="#appendix-E.3-4.2" class="pilcrow">¶</a> 6b4f20a4181472aaa9cb8d555526a9ffffffffc71a * I
</li>
<li class="normal" id="appendix-E.3-4.3">k_(1,2) = 0x11560bf17baa99bc3 * k_(1,2) = 0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c
2126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71e 6b4f20a4181472aaa9cb8d555526a9ffffffffc71e + 0x8ab05f8bdd54cde1909
+ 0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6a 37e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ff
aaa9354ffffffffe38d * I<a href="#appendix-E.3-4.3" class="pilcrow">¶</a> ffffffe38d * I
</li>
<li class="normal" id="appendix-E.3-4.4">k_(1,3) = 0x171d6541fa38ccfae * k_(1,3) = 0x171d6541fa38ccfaed6dea691f5fb614cb14b4e7f4e810aa22d610
d6dea691f5fb614cb14b4e7f4e810aa22d6108f142b85757098e38d0f671c7188e2aaaaaaaa5ed1< 8f142b85757098e38d0f671c7188e2aaaaaaaa5ed1
a href="#appendix-E.3-4.4" class="pilcrow">¶</a> </pre><a href="#appendix-E.3-4" class="pilcrow">¶</a>
</li> </div>
</ul>
<p id="appendix-E.3-5">The constants used to compute x_den are as follows:<a hre f="#appendix-E.3-5" class="pilcrow">¶</a></p> <p id="appendix-E.3-5">The constants used to compute x_den are as follows:<a hre f="#appendix-E.3-5" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.3-6">
<li class="normal" id="appendix-E.3-6.1">k_(2,0) = 0x1a0111ea397fe69a4b1ba7b6434 <pre>
bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa63 * I<a href * k_(2,0) = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2
="#appendix-E.3-6.1" class="pilcrow">¶</a> a0f6b0f6241eabfffeb153ffffb9feffffffffaa63 * I
</li>
<li class="normal" id="appendix-E.3-6.2">k_(2,1) = 0xc + 0x1a0111ea397 * k_(2,1) = 0xc + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf
fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9fefffffff 6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa9f * I
faa9f * I<a href="#appendix-E.3-6.2" class="pilcrow">¶</a> </pre><a href="#appendix-E.3-6" class="pilcrow">¶</a>
</li> </div>
</ul>
<p id="appendix-E.3-7">The constants used to compute y_num are as follows:<a hre f="#appendix-E.3-7" class="pilcrow">¶</a></p> <p id="appendix-E.3-7">The constants used to compute y_num are as follows:<a hre f="#appendix-E.3-7" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.3-8">
<li class="normal" id="appendix-E.3-8.1">k_(3,0) = 0x1530477c7ab4113b59a4c18b076 <pre>
d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706 + 0x153047 * k_(3,0) = 0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439
7c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc7 d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706 + 0x1530477c7ab4113b59a
1c71c6d706 * I<a href="#appendix-E.3-8.1" class="pilcrow">¶</a> 4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc
</li> 71c71c6d706 * I
<li class="normal" id="appendix-E.3-8.2">k_(3,1) = 0x5c759507e8e333ebb
5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97be * * k_(3,1) = 0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b5842
I<a href="#appendix-E.3-8.2" class="pilcrow">¶</a> 3c50ae15d5c2638e343d9c71c6238aaaaaaaa97be * I
</li>
<li class="normal" id="appendix-E.3-8.3">k_(3,2) = 0x11560bf17baa99bc3 * k_(3,2) = 0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c
2126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71c 6b4f20a4181472aaa9cb8d555526a9ffffffffc71c + 0x8ab05f8bdd54cde1909
+ 0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6a 37e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ff
aaa9354ffffffffe38f * I<a href="#appendix-E.3-8.3" class="pilcrow">¶</a> ffffffe38f * I
</li>
<li class="normal" id="appendix-E.3-8.4">k_(3,3) = 0x124c9ad43b6cf79bf * k_(3,3) = 0x124c9ad43b6cf79bfbf7043de3811ad0761b0f37a1e26286b0e977
bf7043de3811ad0761b0f37a1e26286b0e977c69aa274524e79097a56dc4bd9e1b371c71c718b10< c69aa274524e79097a56dc4bd9e1b371c71c718b10
a href="#appendix-E.3-8.4" class="pilcrow">¶</a> </pre><a href="#appendix-E.3-8" class="pilcrow">¶</a>
</li> </div>
</ul>
<p id="appendix-E.3-9">The constants used to compute y_den are as follows:<a hre f="#appendix-E.3-9" class="pilcrow">¶</a></p> <p id="appendix-E.3-9">The constants used to compute y_den are as follows:<a hre f="#appendix-E.3-9" class="pilcrow">¶</a></p>
<ul class="normal"> <div class="alignLeft art-text artwork" id="appendix-E.3-10">
<li class="normal" id="appendix-E.3-10.1">k_(4,0) = 0x1a0111ea397fe69a4b1ba7b643 <pre>
4bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb + 0x1a011 * k_(4,0) = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2
1ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9fef a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb + 0x1a0111ea397fe69a4b1
fffffffa8fb * I<a href="#appendix-E.3-10.1" class="pilcrow">¶</a> ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9fef
</li> fffffffa8fb * I
<li class="normal" id="appendix-E.3-10.2">k_(4,1) = 0x1a0111ea397fe69a
4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa9d3 * k_(4,1) = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2
* I<a href="#appendix-E.3-10.2" class="pilcrow">¶</a> a0f6b0f6241eabfffeb153ffffb9feffffffffa9d3 * I
</li>
<li class="normal" id="appendix-E.3-10.3">k_(4,2) = 0x12 + 0x1a0111ea3 * k_(4,2) = 0x12 + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512b
97fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9fefffff f6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa99 * I
fffaa99 * I<a href="#appendix-E.3-10.3" class="pilcrow">¶</a> </pre><a href="#appendix-E.3-10" class="pilcrow">¶</a>
</li> </div>
</ul>
</section> </section>
</div> </div>
</section> </section>
</div> </div>
<div id="straightline"> <div id="straightline">
<section id="appendix-F"> <section id="appendix-F">
<h2 id="name-straight-line-implementatio"> <h2 id="name-straight-line-implementatio">
<a href="#appendix-F" class="section-number selfRef">Appendix F. </a><a href="#n ame-straight-line-implementatio" class="section-name selfRef">Straight-Line Impl ementations of Deterministic Mappings</a> <a href="#appendix-F" class="section-number selfRef">Appendix F. </a><a href="#n ame-straight-line-implementatio" class="section-name selfRef">Straight-Line Impl ementations of Deterministic Mappings</a>
</h2> </h2>
<p id="appendix-F-1">This section gives straight-line implementations of the map pings of <a href="#mappings" class="auto internal xref">Section 6</a>. <p id="appendix-F-1">This section gives straight-line implementations of the map pings of <a href="#mappings" class="auto internal xref">Section 6</a>.
 End of changes. 26 change blocks. 
449 lines changed or deleted 373 lines changed or added

This html diff was produced by rfcdiff 1.48.