[Cryptech Tech] Storage of curve parameters for ECDSA

Rob Austein sra at hactrn.net
Wed Jan 13 23:11:56 UTC 2016


At Wed, 13 Jan 2016 21:30:33 +0300, Pavel Shatov wrote:
> 
> On 13.01.2016 20:00, Russ Housley wrote:
> > I'm assuming that we are only supporting a few well-known curves.  Therefore, you need to provide some form of identifier for the curve, but the actual parameters can be inside the FPGA.
> 
> Well, yes, since our primary use case is DNSSEC, the two curves I'm 
> working on are P-256 and P-384. Thanks for the identifier idea!

That's essentially what the C implementation does, see the
hal_curve_name_t enum typedef in sw/libhal/hal.h.

> > I see no problem treating "mu" as a curve parameter.

Note that there's another (much smaller) Montgomery parameter "rho"
("mu" is the "Montgomery normalization factor", "rho" is the
"Montgomery reduction value").  Both Montgomery parameters are derived
from the field modulus, and the C implementation stores both of them
with the curve parameters.
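
Added example, not part of the original message and not libhal's code: deriving both Montgomery parameters from the field modulus for P-256 and P-384, then using them. It assumes the usual digit-based convention (rho = -q^-1 mod 2^w, a single digit; mu = R mod q, full width); the digit width w and all function names are hypothetical.

```python
# Added example; names and digit widths are assumptions, not libhal's code.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1   # NIST P-256 field prime
P384 = 2**384 - 2**128 - 2**96 + 2**32 - 1    # NIST P-384 field prime

def ndigits(q, w):
    """Number of w-bit digits needed to hold q."""
    return -(-q.bit_length() // w)

def montgomery_params(q, w=32):
    """Derive (rho, mu) from an odd modulus q and digit width w (assumed)."""
    b = 1 << w
    R = 1 << (w * ndigits(q, w))
    rho = (-pow(q, -1, b)) % b   # one digit: -q^-1 mod 2^w
    mu = R % q                   # full width: R mod q
    return rho, mu

def montgomery_reduce(t, q, rho, w=32):
    """Return t * R^-1 mod q for 0 <= t < q*R, one digit at a time."""
    mask = (1 << w) - 1
    n = ndigits(q, w)
    for i in range(n):
        m = (((t >> (w * i)) & mask) * rho) & mask  # makes digit i of t zero
        t += (m * q) << (w * i)
    t >>= w * n                                      # exact division by R
    return t - q if t >= q else t

def to_mont(x, q, mu):
    """Enter the Montgomery domain: x * R mod q, using mu = R mod q."""
    return (x * mu) % q

def mont_mul(a, b, q, rho, w=32):
    """Multiply two Montgomery-form values; result stays in Montgomery form."""
    return montgomery_reduce(a * b, q, rho, w)

def check(q, x, y, w=32):
    """Round-trip x*y through the Montgomery domain; compare with plain mod."""
    rho, mu = montgomery_params(q, w)
    z = mont_mul(to_mont(x, q, mu), to_mont(y, q, mu), q, rho, w)
    return montgomery_reduce(z, q, rho, w) == (x * y) % q

if __name__ == "__main__":
    for name, q in (("P-256", P256), ("P-384", P384)):
        for w in (32, 64):
            rho, mu = montgomery_params(q, w)
            print(name, w, hex(rho), hex(mu), check(q, 3, 5, w))
```

Since both values depend only on the modulus and the digit width, they can be precomputed once per curve and kept alongside the other curve constants.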

