Re: How to use a named elliptic curve?

Ján Jančár on Wed, 06 Jan 2021 15:38:38 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: How to use a named elliptic curve?

To: noloader@gmail.com, pari-users@pari.math.u-bordeaux.fr
Subject: Re: How to use a named elliptic curve?
From: Ján Jančár <johny@neuromancer.sk>
Date: Wed, 6 Jan 2021 15:38:33 +0100
Delivery-date: Wed, 06 Jan 2021 15:38:38 +0100
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=neuromancer.sk; s=20173101; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Fel2oHjQOLwnF30JC6C9/kidW3fTzBYep+ylmJtT8GI=; b=Eb+pwJklZGhLBMaLJZRjzHZCv3 6v2DDKqZ+9VP7cN9EqVlpFek4G66MKzzsy/4nJqmzMk/dsOYmITnFrr8khNU6CZ5V6FqMgvxOzLj0 ShgnMTfUTWCtvYyWdsOjeQjTlWYZPBW02c+F0i0dVNJLZI4IYo/CMEbZuL6qiTDXpwOpvNX50anTD HvsWay/LLEHR6pJGU48gLqzd/hFz9HhOP00AVnW1b7YMUTb7NUFJOk9nWfRoFSLP8I6g7GT75N9iw 41RsdbZe/OT8X65vbcYXJEiuSYoxXpCpmCRD6Kow0WY9B8qx/bvKQpHie/2sh+nGQQDzxZsVs5uGf XYKp8a0Q==;
In-reply-to: <CAH8yC8n0NJF-cB+AvnuyWZ+M1pbhBUnwySEzSs+1TcSShpL_rA@mail.gmail.com>
References: <CAH8yC8kGfwjq++kpW=m+gdkRoDOhF7NifAtA3DrFRqvp7A3nAA@mail.gmail.com> <20210102100829.GA860106@math.u-bordeaux.fr> <CAH8yC8n0NJF-cB+AvnuyWZ+M1pbhBUnwySEzSs+1TcSShpL_rA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

Hey all,

On 02/01/2021 12:00, Jeffrey Walton wrote:
> On Sat, Jan 2, 2021 at 5:08 AM Karim Belabas
> <Karim.Belabas@math.u-bordeaux.fr> wrote:
>>
>> * Jeffrey Walton [2021-01-02 05:58]:
>>> Hi Everyone,
>>>
>>> I'm working through the elliptic curve tutorial at
>>> https://pari.math.u-bordeaux.fr/Events/PARI2017c/talks/ecc_en.pdf. I
>>> want to use a named curve, like secp256k1 or secp256r1. It does not
>>> appear to be covered in the tutorial.
>>> ...
>>> How do I create a named curve?
>>
>> The named curves mechanism only supports Cremona labels at this point
>> (for curves over Q sorted by conductor provided by the Cremona database,
>> which we repackage as 'elldata'); with the second syntax as in
>>
>>   E = ellinit("36a1");
>>
>> None of the crypto curves names (SEC2, FIPS 186-4, RFC3279, etc.) are
>> currently supported by this mechanism. It's an interesting option,
>> though, that would not be hard to support: Crenoma labels start by a
>> digit, all crypto curves names I am aware of start by a letter...
>>
>> What names would we need to support ?
>>   - [PKR]-* from FIPS
>>   - sec* from SEC2
>>   - prime* from RFC
> 
> curve25519 and curve448 are fairly popular. SEC-2/NIST and Bernstein's
> curve would probably keep most people happy.
> 
> The RFC 3279 curves may be useful, too. I seem to recall some of them
> are considered weak/wounded. I think some of them were from the 1998
> version of ANSI 9.62. They include c2pnb163v1 and wtls1. But they
> would probably make good academic material.

I co-created and maintain a repository of standard elliptic curves
used in cryptography at: https://neuromancer.sk/std/ and https://github.com/J08nY/std-curves.
The curves are available in JSON and the website provides SAGE code
that instantiates the curve, see for example: https://neuromancer.sk/std/secg/secp256r1.
I could add functionality that creates and displays PARI-GP code that instantiates
the curves as well.

I would otherwise be against directly including somewhat standard elliptic curves
in the PARI codebase, even though its not really my call, simply because of the large
amount of them and the hardness of saying what is really "standard" or "interesting".

Perhaps there can be a PARI script distributed that understands the kind of JSON format
we use in the std-curves repository or downloads them directly from github?

Cheers,
-- 
Jan

Follow-Ups:
- Re: How to use a named elliptic curve?
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

References:
- How to use a named elliptic curve?
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: How to use a named elliptic curve?
  - From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
- Re: How to use a named elliptic curve?
  - From: Jeffrey Walton <noloader@gmail.com>

Prev by Date: Re: How to use a named elliptic curve?
Next by Date: --libdir and pari.cfg file location
Previous by thread: Re: How to use a named elliptic curve?
Next by thread: Re: How to use a named elliptic curve?
Index(es):
- Date
- Thread