[Cryptography] FW: real world binary ecc
James Muir
muir.james.a at gmail.com
Thu Nov 19 00:00:20 EST 2020
On 2020-11-15 2:45 p.m., Salz, Rich via cryptography wrote:
> Forwarded with permission; Nicoli is one of the (sic) key implementors of ECC in the OpenSSL project.
>
>
> On 11/15/20, 10:19 AM, "Nicola Tuveri" <nic.tuv at gmail.com> wrote:
>
> > suppose you want to create a new TLS library. Should you support binary curves?
>
> I'd dare say, from an implementer perspective, the answer to this is
> "likely no".
> RFC 8422, in obsoleting RFC 4492, has de facto removed support of
> binary curves from TLS 1.2 and earlier.
Nicola, thanks very much for your informative message! And thanks to
Rich for sharing the thread.
I had not looked at RFC 8422. Here is the relevant section for those
interested:
> 5.1.1. Supported Elliptic Curves Extension
>
> RFC 4492 defined 25 different curves in the NamedCurve registry (now
> renamed the "TLS Supported Groups" registry, although the enumeration
> below is still named NamedCurve) for use in TLS. Only three have
> seen much use. This specification is deprecating the rest (with
> numbers 1-22). This specification also deprecates the explicit
> curves with identifiers 0xFF01 and 0xFF02. It also adds the new
> curves defined in [RFC7748]. The end result is as follows:
>
> enum {
> deprecated(1..22),
> secp256r1 (23), secp384r1 (24), secp521r1 (25),
> x25519(29), x448(30),
> reserved (0xFE00..0xFEFF),
> deprecated(0xFF01..0xFF02),
> (0xFFFF)
> } NamedCurve;
And for the FIPS 186-5 draft, it references the SP 800-186 draft -- the
deprecation message is found there:
> 4.3 Curves over Binary Fields
>
> This section specifies elliptic curves over binary fields where
> each curve takes the form of a curve in short-Weierstrass form
> and is either a Koblitz curve (Section 4.3.1) or a pseudorandom
> curve (Section 4.3.2). Due to their limited adoption, elliptic
> curves over binary fields (i.e., all the curves specified in
> Section 4.3) are deprecated and may be removed from a subsequent
> revision to these guidelines to facilitate interoperability and
> simplify elliptic curve standards and implementations. New
> implementations should select an appropriate elliptic curve over
> a prime field from Section 4.2.
cheers,
-James M
More information about the cryptography
mailing list