This book is a beautiful step by step exposition of the conjecture accessible to anyone with a high school/secondary school level education in math/maths:
Subsequently, if you've taken an undergraduate level algebra class (or just have mathematical maturity and can work through some algebraic definitions) I suggest Tate and Silverman's Rational Points on Elliptic Curves. It's not super rigorous but it's good at introducing elliptic curves.
I also really like Cassels' _Lectures on Elliptic Curves_, which is written very lucidly and actually describes in detail how to do a lot of the calculations that tend to be glossed over a bit by more theory-inclined authors.
I second frutiger's recommendation of Elliptic Tales: Curves, Counting, and Number Theory. There should be more science and math books at this level but it's rare—either you're assumed to be starting from scratch or to be at least a graduate student in the field. I also recommend Jim Baggott's Perfect Symmetry: The Accidental Discovery of Buckminsterfullerene as another example at this rarely seen intermediate level. (Arguably all of Scientific American was at this level 50 years ago, but that era is long gone.)
Even as someone with mathematical training, my eyes started skipping lines a few paragraphs in. This content is good, for sure, but you have to be in the right headspace to follow along. Quanta's material is serving a different need.
Quanta tells you about it. This article tells you it. Both are valuable!
This draws you into the math instead of running away from it. I feel like a reasonably smart (and motivated) person with no knowledge of group theory or number theory could follow along here and understand the material. I feel like the people who write Quanta articles want me to remain ignorant.
Look, that's the important part, right? If I wanted to learn the material, I could. But I'm not really interested in learning the material right now, or following the arguments exactly. It's a great article when you're in that mindset.
With Quanta, I don't have to be ready to learn the material. I can get a little awareness of what's going on; I don't have to follow specific arguments over a series of paragraphs -- it's news, not lecture. Sometimes that's what I need, to keep aware of what's going on without having to learn it straight up.
I'm a fan of channels like Mathologer and 3B1B, so I'm no stranger to sitting down and following a lovely argument all the way through. I just object to the idea that Quanta is serving the same need as this article and doing a worse job. I just think it's serving a different need altogether.
There are literally hundreds of introductory level analysis textbooks. Some are very terse with challenging exercises presenting things in a definition-theorem-lemma-proof example style (baby Rudin, Lang, Kolmogorov & Fomin, Zorich). Others are pretty chatty, and give lots and lots of examples and motivating discussion (Carothers, Abbott, Pugh). Still others focus more on building (correct) intuition, have few detailed proofs, but give lots of high level vistas of the landscape. These explain how analysts think, and give more historical context (Bressoud, both of Bryant's books, WW Sawyer's introduction to numerical functional analysis). There are even some that take a somewhat more Socratic approach and relegate most of the material to the exercises (Moore & Cloud).
I claim that this diversity of math writing on a single topic is fantastic. I love Baby Rudin, and found Abbott and even Carothers to be so chatty as to be confusing, where others find both of those texts to be a breath of fresh air. Later I came to appreciate Carothers more, and by extension the higher level texts by Bryant and Sawyer.
If you don't like a particular piece of math writing, just consider that there might be others out there who benefit from it. For instance, my partner who has intense math anxiety and barely passed high school algebra can often follow them, and I've found them nice for getting a quick description of a field in math I know nothing about and the problems and methods of that field.
Anyway, to be clear, this isn't to say you shouldn't be critical, just that we need more math writing, not less, and if something isn't landing for you, maybe it's landing for others.
The point of the OP was that the Dalek library provides an API to Ristretto (https://ristretto.group), which is a proper mathematical prime-order group, unlike the stock Ed25519 API that exposes cofactors and caused famous issues in Monero.
There's a weird sort of doublethink going on in your post. You're trying to attract talent that knows cryptography but seem to be using the same cryptobro snake oil you presumably use to sell your product (dude...imagine someone spending 8x the bitcoin!!!1! Even though bitcoin uses secp256).
You also seem to be trying to give the impression you're doing something new and interesting rather than just deploying ristretto255 like everyone else. But you don't want to be caught rolling your own crypto, so you're being deliberately vague.
I think this is an unfair characterization. My point was to try to help individuals mentally model what could happen in the event of a cofactor attack. I think it would’ve been more confusing to say “imagine spending a txo 8x!” because most people, even in crypto, don’t know what a transaction output is :/.
Please note that we didn’t roll or build Dalek, so again, this is a mischaracterization.
Also, yes, we are doing quite a bit that’s novel and interesting. For example, we implemented the first at-scale private information recovery system (entitled MobileCoin Fog) which makes extensive use of PATH and Circuit Oblivious RAM (and all of our stuff is open source). There’s quite a bit of new and creative stuff in our GitHub if you want to poke around.
https://press.princeton.edu/books/hardcover/9780691151199/el...