[1] D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang, "High-speed high-security signatures," Journal of Cryptographic Engineering, vol. 2, no. 2, 2012. https://ed25519.cr.yp.to/ed25519-20110705.pdf
[2] D. J. Bernstein, S. Josefsson, T. Lange, P. Schwabe, and B.-Y. Yang, "EdDSA for more curves." Cryptology ePrint Archive, Report 2015/677, 2015. http://eprint.iacr.org/2015/677
[3] D. J. Bernstein, "Curve25519: New Diffie-Hellman Speed Records," in PKC 2006, 2006. https://cr.yp.to/ecdh/curve25519-20060209.pdf
[4] A. Langley, M. Hamburg, and S. Turner, "Elliptic Curves for Security." RFC 7748, Jan-2016. http://www.ietf.org/rfc/rfc7748.txt
[5] S. Micali, M. Rabin, and S. Vadhan, "Verifiable Random Functions," in Proceedings of the 40th Annual Symposium on the Foundations of Computer Science, 1999.
[6] Y. Dodis and A. Yampolskiy, "A Verifiable Random Function with Short Proofs and Keys," in PKC 2005, 2005. https://www.cs.nyu.edu/~dodis/ps/short-vrf.pdf
[7] Wikipedia, "Fermat's little theorem," 2016. https://en.wikipedia.org/w/index.php?title=Fermat%27s_little_theorem
[8] D. J. Bernstein, P. Birkner, M. Joye, T. Lange, and C. Peters, "Twisted Edwards Curves." Cryptology ePrint Archive, Report 2008/013, 2008. http://eprint.iacr.org/2008/013
[9] A. Jivsov, "Compact representation of an elliptic curve point," Internet-Draft draft-jivsov-ecc-compact-05, Sep. 2014. https://tools.ietf.org/html/draft-jivsov-ecc-compact-05
[10] NIST, "FIPS 180-4. Secure Hash Standard (SHS)," 2012. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
[11] D. J. Bernstein, M. Hamburg, A. Krasnova, and T. Lange, "Elligator: Elliptic-curve points indistinguishable from uniform random strings." Cryptology ePrint Archive, Report 2013/325, 2013. http://eprint.iacr.org/2013/325
[12] Wikipedia, "Legendre symbol," 2016. https://en.wikipedia.org/w/index.php?title=Legendre_symbol
[13] I. Liusvaara and S. Josefsson, "Edwards-curve Digital Signature Algorithm (EdDSA)," Internet-Draft draft-irtf-cfrg-eddsa-08, Oct. 2016. https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-08
[14] T. Pornin, "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)." RFC 6979, Aug-2013. http://www.ietf.org/rfc/rfc6979.txt
[15] J. P. Degabriele, A. Lehmann, K. G. Paterson, N. P. Smart, and M. Strefler, "On the Joint Security of Encryption and Signature in EMV." Cryptology ePrint Archive, Report 2011/615, 2011. http://eprint.iacr.org/2011/615
[16] M. S. Melara, A. Blankstein, J. Bonneau, E. W. Felten, and M. J. Freedman, "CONIKS: Bringing key transparency to end users." Cryptology ePrint Archive, Report 2014/1004, 2014. http://eprint.iacr.org/2014/1004