Re: How to use a named elliptic curve?

Ján Jančár on Sat, 09 Jan 2021 18:45:23 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: How to use a named elliptic curve?

To: pari-users@pari.math.u-bordeaux.fr
Subject: Re: How to use a named elliptic curve?
From: Ján Jančár <johny@neuromancer.sk>
Date: Sat, 9 Jan 2021 18:45:18 +0100
Delivery-date: Sat, 09 Jan 2021 18:45:23 +0100
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=neuromancer.sk; s=20173101; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=K6oEnr4Mp/V2NcgsF14UmiKCNxICRItuqIZqcUMESgY=; b=tCKbobXLa5WGSf+Bl6VKDYnOz c+dY8xwYD+xGB29uq9IZTLyGAayL7asLqvvRYvW4s6ljSmrI5sIVMPv4dWqJd6XMfSAIvpKiEi6Pr qwe9amqULasPFP2leSq1Iu3yzf/anN+6GsP6W8l17jrs3l0F3DHhDWgVyaROQhxpiZOHQurItpAuG yUwpz8H1W5vlDn253V6jwhZ0c01imEuk1LcpBiey20Xr2swl7Vx6W7jr3s+7iQ4nczIJ2XAAmRzDc YJCYfOQMAso5aGBYX68H1NCWo7PUXRzQM2ejJ1NNW4tjrAB4S3VMb61/zcL6NTOxYBUk3ICjcwyxd F+l5KZsQg==;
In-reply-to: <20210109113650.GA28294@yellowpig>
References: <CAH8yC8kGfwjq++kpW=m+gdkRoDOhF7NifAtA3DrFRqvp7A3nAA@mail.gmail.com> <20210102100829.GA860106@math.u-bordeaux.fr> <CAH8yC8n0NJF-cB+AvnuyWZ+M1pbhBUnwySEzSs+1TcSShpL_rA@mail.gmail.com> <70b9924d-9c39-f57b-acd2-43314d045584@neuromancer.sk> <20210109113650.GA28294@yellowpig>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

On 09/01/2021 12:36, Bill Allombert wrote:
> On Wed, Jan 06, 2021 at 03:38:33PM +0100, Ján Jančár wrote:
>> Hey all,
>>
>> On 02/01/2021 12:00, Jeffrey Walton wrote:
>>> On Sat, Jan 2, 2021 at 5:08 AM Karim Belabas
>>> <Karim.Belabas@math.u-bordeaux.fr> wrote:
>>>>
>>>> * Jeffrey Walton [2021-01-02 05:58]:
>>>>> Hi Everyone,
>>>>>
>>>>> I'm working through the elliptic curve tutorial at
>>>>> https://pari.math.u-bordeaux.fr/Events/PARI2017c/talks/ecc_en.pdf. I
>>>>> want to use a named curve, like secp256k1 or secp256r1. It does not
>>>>> appear to be covered in the tutorial.
>>>>> ...
>>>>> How do I create a named curve?
>>>>
>>>> The named curves mechanism only supports Cremona labels at this point
>>>> (for curves over Q sorted by conductor provided by the Cremona database,
>>>> which we repackage as 'elldata'); with the second syntax as in
>>>>
>>>>   E = ellinit("36a1");
>>>>
>>>> None of the crypto curves names (SEC2, FIPS 186-4, RFC3279, etc.) are
>>>> currently supported by this mechanism. It's an interesting option,
>>>> though, that would not be hard to support: Crenoma labels start by a
>>>> digit, all crypto curves names I am aware of start by a letter...
>>>>
>>>> What names would we need to support ?
>>>>   - [PKR]-* from FIPS
>>>>   - sec* from SEC2
>>>>   - prime* from RFC
>>>
>>> curve25519 and curve448 are fairly popular. SEC-2/NIST and Bernstein's
>>> curve would probably keep most people happy.
>>>
>>> The RFC 3279 curves may be useful, too. I seem to recall some of them
>>> are considered weak/wounded. I think some of them were from the 1998
>>> version of ANSI 9.62. They include c2pnb163v1 and wtls1. But they
>>> would probably make good academic material.
>>
>> I co-created and maintain a repository of standard elliptic curves
>> used in cryptography at: https://neuromancer.sk/std/ and https://github.com/J08nY/std-curves.
>> The curves are available in JSON and the website provides SAGE code
>> that instantiates the curve, see for example: https://neuromancer.sk/std/secg/secp256r1.
>> I could add functionality that creates and displays PARI-GP code that instantiates
>> the curves as well.
>>
>> I would otherwise be against directly including somewhat standard elliptic curves
>> in the PARI codebase, even though its not really my call, simply because of the large
>> amount of them and the hardness of saying what is really "standard" or "interesting".
>>
>> Perhaps there can be a PARI script distributed that understands the kind of JSON format
>> we use in the std-curves repository or downloads them directly from github?
> 
> It would likely be much simpler to convert std-curves to PARI format
> once, and put that for downloads instead.
> 

I just had a look on the format of pari-elldata and also the original Cremona's database
at https://github.com/JohnCremona/ecdata and the format does not seem to include a way
to define the base field of the curve, all the curves are assumed to be over the rationals.

So to support standard elliptic curves this functionality/format would have to be extended
to allow for specification of the base field (usually a prime field or a binary extension
field with polynomial basis with a chosen generator polynomial).

Cheers,
-- 
Jan

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Follow-Ups:
- Re: How to use a named elliptic curve?
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

References:
- How to use a named elliptic curve?
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: How to use a named elliptic curve?
  - From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
- Re: How to use a named elliptic curve?
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: How to use a named elliptic curve?
  - From: Ján Jančár <johny@neuromancer.sk>
- Re: How to use a named elliptic curve?
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

Prev by Date: Re: How to use a named elliptic curve?
Next by Date: Re: How to use a named elliptic curve?
Previous by thread: Re: How to use a named elliptic curve?
Next by thread: Re: How to use a named elliptic curve?
Index(es):
- Date
- Thread