RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (2)

RFC 7748, "Elliptic Curves for Security", January 2016

Source of RFC: IRTF

Errata ID: 4730
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Adam Langley
Date Reported: 2016-07-05
Verifier Name: Lars Eggert
Date Verified: 2016-07-05

Section 4.1 says:

V(P)  147816194475895447910205935684099868872646061346164752889648818

It should say:

V(P)  431144251710685529207648989359339670393703861982038067307639101


The Montgomery form of the curve is generally used with a ladder, where the v coordinate is unused and unspecified. Thus I picked the smaller of the two possible values for v.

However, the curve is birationally equivalent to edwards25519, where both coordinates of the base point are used and are already in widespread use. Sadly, picking the smaller of the values for v ends up mapping to the negative of the base point on edwards25519.

This change replaces v with -v so that it matches up.

Errata ID: 5028
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Adam Langley
Date Reported: 2017-06-02
Verifier Name: Stanislav Smyshlyaev
Date Verified: 2020-12-15

Section 5.2 says:

Input u-coordinate as a number (base 10):

It should say:

Decoded u-coordinate as a number (base 10):


It is unclear that the base 10 numbers are the decoded values (i.e. after masking). That should have been made more explicit to reduce confusion.

Report New Errata

Advanced Search