Ken MacKay
You would use the general Jacobian doubling method, i.e. double_jacobian_secp256k1().
Maybe it's not detecting thumb architecture correctly? You could try manually defining uECC_PLATFORM=uECC_arm_thumb (or thumb2, depending on what you're building for) and see if that helps.
Based on the error messages, the assembler is complaining about some opcode that isn't supported. It seems unlikely that 'or' is not supported though, so maybe the error is pointing...
The double_jacobian_default() function only works if a ≣ -3 (mod p). Since that isn't true for the Brainpool curves, you'll need to implement a separate version.
Yes, vli_mmod_fast_secp256r1() is specific to that curve.
The prime == 3 (mod 4), so the default mod_sqrt function should be correct. I think if you implement double_jacobian() and vli_mmod_fast(), that should be sufficient.
You can use the existing uECC_vli_mmod() function. It is pretty slow though.
A cursory search found this: https://eprint.iacr.org/2014/040.pdf
I don't mind merging 16-bit support. It would be very slow though without any asm optimizations. On Wed, Mar 29, 2017 at 1:01 AM, Gaëtan Harter wrote: > Hello, I...