Skip to content

Latest commit

 

History

History
95 lines (58 loc) · 3.56 KB

CURVES.md

File metadata and controls

95 lines (58 loc) · 3.56 KB

Curves

ECTester contains a collection of elliptic curve/point parameters, these parameters either come from standards or were generated manually or using ecgen.

These parameters can be found in the cz.crcs.ectester.data package.

Standard

SECG

SEC 2: Recommended Elliptic Curve Domain Parameters version 2.0 January 27, 2010

Source

NIST

RECOMMENDED ELLIPTIC CURVES FOR FEDERAL GOVERNMENT USE July 1999

Source

x962

ANSI X9.62 example curves.

Brainpool

ECC Brainpool Standard Curves and Curve Generation v. 1.0 19.10.2005

Source

anssi

Agence nationale de la sécurité des systèmes d'information: Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française. 21 November 2011

GOST

GOST R 34.10-2001: RFC5832 curves.

Source

Barreto-Naehrig

Barreto-Naehrig curves from: A Family of Implementation-Friendly BN Elliptic Curves

Source

Other

An assortment of some other curves. Montgomery curves transformed into short Weierstrass form from https://eprint.iacr.org/2013/647.pdf

Curve25519 transformed into short Weierstrass form.

Generated

anomalous

These prime field curves have the same order as the field order, and are susceptible to attacks reducing ECDLP over a multiplicative group of the curve, to DLP over an additive group of the underlying field, which is easy (linear time).

Some of these are from Atsuko Miyaji's paper, others were generated using ecgen.

invalid

This category contains pre-generated invalid curves for a large subset of NIST, SECG and Brainpool curves. Invalid curves for a given curve, are short Weierstrass curves with all parameters equal to the given curve except the b parameter. These curves can be used to attack some implementations.

Generated using ecgen.

composite

Contains curves of composite order, with small order points.

Generated using ecgen.

wrong

Contains parameters that are not elliptic curves(over Fp and F2m), such as p parameter that is not prime or an irreducible polynomial that is not irreducible.

Generated manually.

twist

Contains pre-generated points on twists of known named curves from NIST, SECG. These points can be used to attack some implementations.

Generated using ecgen.

degenerate

Contains pre-generated points on the line Y: x = 0. These points are constructed from elements of prime order in the multiplicative group F_p given a curve over it.

Generate manually using PARI/GP.

cofactor

Contains curves that are composite order, with points not on the subgroup generated by the generator.

Generated using ecgen.

supersingular

Contains supersingular curves, over F_p with order equal to p + 1. These have embedding degree equal to 2.

Generated using ecgen.

Other

Wycheproof

Contains some test vectors from the google/Wycheproof project.