Category: Secure elliptic curves
Algorithms for solving special cases of ECDLP – Elliptic Curves
8.4.2 Algorithms for solving special cases of ECDLP
Because of their mathematical properties, some elliptic curves allow you to take shortcuts when solving ECDLP. In 1991, mathematicians Alfred Menezes, Scott Vanstone, and Tatsuaki Okamoto published an algorithm that reduces ECDLP to a DLP in the multiplicative group of a finite field. They showed that for…
Curve secp521r1 – Elliptic Curves
8.5.3 Curve secp521r1
The third NIST curve included in the TLS 1.3 standard is curve secp521r1. It is also defined in FIPS-186 where it is referred to as curve P-521. P-521 is defined over the prime field 𝔽_p with p = 2^521 − 1. Like P-256 and P-384, the curve P-521 is defined by the…
ECDH parameters in TLS 1.3 – Elliptic Curves
8.5.7 ECDH parameters in TLS 1.3
Both server Alice and client Bob encode their ECDH parameters in the KeyShare structure, in the key_exchange opaque field of a KeyShareEntry. When elliptic curves secp256r1, secp384r1, or secp521r1 are used, the key_exchange field stores the serialized value of the UncompressedPointRepresentation structure shown in Listing 8.3. Listing 8.3: Uncompressed…
RSA-based signatures – Digital Signatures
9.2 RSA-based signatures
An RSA-based signature is generated by applying the private key part of the RSA key pair to the hash value of the message m to be signed. To recap from Chapter 7, Public-Key Cryptography, Alice’s RSA key pair has the public key part PK_Alice = (e, n), where n is the product of…
Digital signatures based on discrete logarithms – Digital Signatures
9.3 Digital signatures based on discrete logarithms
Unlike with RSA signatures, we cannot create a signature based on discrete logarithms simply by encrypting the message m with a private key. This is because in the Diffie-Hellman protocol, we only agree on a shared secret between Alice and Bob. In the ElGamal scheme, Alice uses…
Elliptic Curve Digital Signature Algorithm (ECDSA) – Digital Signatures
9.3.2 Elliptic Curve Digital Signature Algorithm (ECDSA)
When transferring the DSA algorithm to an elliptic curve E, we just switch the group from 𝔽_p^* to E, so the basic steps will stay the same. We just have to ensure that we switch the objects correctly: Bearing this in mind, formulating the ECDSA is not very…
RSASSA-PKCS1-v1_5 algorithms – Digital Signatures
9.4.1 RSASSA-PKCS1-v1_5 algorithms
The RSASSA PKCS1 version 1.5 algorithms rsa_pkcs1_sha256, rsa_pkcs1_sha384, and rsa_pkcs1_sha512 are defined in RFC 8017 PKCS #1: RSA Cryptography Specifications Version 2.2. The hash functions – SHA-256, SHA-384 and SHA-512 – are defined in FIPS 180-4 Secure Hash Standard [129]. RFC 8017 specifies public-key cryptography algorithms – including so-called signature schemes with…
ECDSA algorithms – Digital Signatures
9.4.3 ECDSA algorithms
The ECDSA algorithms ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384 as well as ecdsa_secp521r1_sha512 are defined in the American National Standards Institute (ANSI) X9.62 standard [6]. The corresponding elliptic curves are defined in the ANSI X9.62 and FIPS 186-4 [128] standards, and the hash functions are defined in the FIPS 180-4 standard [129]. We already learned how…
EdDSA algorithms 2 – Digital Signatures
The points on the elliptic curve form a group under addition, that is: The neutral element for this group is (0,1). The explicit formulas for computing the points x3 and y3 are and Unlike with many other elliptic curves, these formulas have the advantage of being complete. That means they are valid for all points…
EdDSA algorithms – Digital Signatures
9.4.4 EdDSA algorithms
The ed25519 and ed448 algorithms are instantiations of the Edwards-Curve Digital Signature Algorithm (EdDSA) with the elliptic curves edwards25519 and edwards448, respectively. The algorithms are defined in RFC 8032 Edwards-Curve Digital Signature Algorithm (EdDSA). The ed25519 algorithm offers roughly 128-bit security. This is in line with the security level recommended by common…