[Cryptography] FW: real world binary ecc

James Muir muir.james.a at gmail.com
Thu Nov 19 00:00:20 EST 2020 

On 2020-11-15 2:45 p.m., Salz, Rich via cryptography wrote:
> Forwarded with permission; Nicoli is one of the (sic) key implementors of ECC in the OpenSSL project.
> 
> 
> On 11/15/20, 10:19 AM, "Nicola Tuveri" <nic.tuv at gmail.com> wrote:
> 
>      > suppose you want to create a new TLS library.  Should you support binary curves?
> 
>      I'd dare say, from an implementer perspective, the answer to this is
>      "likely no".
>      RFC 8422, in obsoleting RFC 4492, has de facto removed support of
>      binary curves from TLS 1.2 and earlier.

Nicola, thanks very much for your informative message!  And thanks to 
Rich for sharing the thread.

I had not looked at RFC 8422.  Here is the relevant section for those 
interested:

> 5.1.1.  Supported Elliptic Curves Extension
> 
>    RFC 4492 defined 25 different curves in the NamedCurve registry (now
>    renamed the "TLS Supported Groups" registry, although the enumeration
>    below is still named NamedCurve) for use in TLS.  Only three have
>    seen much use.  This specification is deprecating the rest (with
>    numbers 1-22).  This specification also deprecates the explicit
>    curves with identifiers 0xFF01 and 0xFF02.  It also adds the new
>    curves defined in [RFC7748].  The end result is as follows:
> 
>            enum {
>                deprecated(1..22),
>                secp256r1 (23), secp384r1 (24), secp521r1 (25),
>                x25519(29), x448(30),
>                reserved (0xFE00..0xFEFF),
>                deprecated(0xFF01..0xFF02),
>                (0xFFFF)
>            } NamedCurve;

And for the FIPS 186-5 draft, it references the SP 800-186 draft -- the 
deprecation message is found there:

> 4.3 Curves over Binary Fields
> 
> This section specifies elliptic curves over binary fields where
> each curve takes the form of a curve in short-Weierstrass form
> and is either a Koblitz curve (Section 4.3.1) or a pseudorandom
> curve (Section 4.3.2). Due to their limited adoption, elliptic
> curves over binary fields (i.e., all the curves specified in
> Section 4.3) are deprecated and may be removed from a subsequent
> revision to these guidelines to facilitate interoperability and
> simplify elliptic curve standards and implementations. New
> implementations should select an appropriate elliptic curve over
> a prime field from Section 4.2.

cheers,

-James M

More information about the cryptography mailing list