Currently we only implement homogeneous projective coordinates.
However the complete formulae to defend against side-channel attacks may be more costly than masked select on Jacobian coordinates, especially on G2 for curves that have a costly non-residue or b in y² = x³ + b:
mratsim
commented
4 years ago
Currently we only implement homogeneous projective coordinates.
However the complete formulae to defend against side-channel attacks may be more costly than masked select on Jacobian coordinates, especially on G2 for curves that have a costly non-residue or b in y² = x³ + b: