Open in app

Sign in

Write

Sign in

Member-only story

The Lizard Method of Point Reversal

Prof Bill Buchanan OBE FRSE
2 min readApr 28, 2024

A common operation on elliptic curves is to hash data onto a point onto the curve. But can we reverse the point back to the hashed data? For this, we can use the Lizard method within a Ristretto group constructed from Edwards25519. It was first defined by Abraham Westerbaan [1]:

Overall, if we do not want to reverse the point back to data, we should use the Derive() method:

Ristretto prime-order group built from Edwards25519

Ed25519 is now used in many areas and provides a simpler and more scalable signature than ECDSA. The signature is…

asecuritysite.com

If we need to reverse the point back to data, we can use the SetLizard() method:

m:="Hello"
 
var p ristretto.Point

 h := sha256.Sum256([]byte(m))

 var ret [16]byte
 copy(ret[:], h[:])

 
 p.SetLizard(&ret)

In this case, we create a SHA256 hash, and then copy 16 bytes into the curve point (p). To reverse, we can then apply [here]:


m:="Hello" 
var p ristretto.Point
 var outBuf [16]byte

 h := sha256.Sum256([]byte(m))

 var ret [16]byte
 copy(ret[:], h[:])

 
 p.SetLizard(&ret)…

--

--

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

34K Followers
39 Following

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams