SP 800-186, Discrete Logarithm-Based Crypto: Elliptic Curve Parameters

SP 800-186, Discrete Logarithm-Based Crypto: Elliptic Curve Parameters | CSRC

楕円曲線暗号(ECC)のやつ。

ECDSAとECDHは楕円曲線暗号(ECC)が含まれている

楕円曲線上の離散対数問題(EC-DLP)

出てくる楕円曲線

グループ

Crypto Forum Research Group (CFRG)

Internet Engineering Task Force (IETF)

認証プログラム

Cryptographic Algorithm Validation Program (CAVP)

Cryptographic Module Validation Program (CMVP)

table:目次

Table of Contents Executive Summary 1

Introduction

2 Overview of Elliptic Curves 4

2.1.1. Curves in Short-Weierstrass Form 4

2.1.2. Montgomery Curves 4

2.1.3. Twisted Edwards Curves 5

2.2.1. Curves in Short-Weierstrass Form 5

Recommended Curves for U.S. Federal Government Use 6

3.1.1. Choice of Key Lengths 6

3.1.2. Choice of Underlying Fields 6

3.1.3. Choice of Basis for Binary Fields 7

3.1.4. Choice of Curves 8

3.2.1. Weierstrass Curves 9

3.2.2. Montgomery Curves 15

3.2.3. Twisted Edwards Curves 17

3.3.1. Koblitz Curves 21

3.3.2. Pseudorandom Curves 24

References 28

Appendix A. Details of Elliptic Curve Group Operations 30

A.1.1. Group Law for Weierstrass Curves 30

A.1.2. Group Law for Montgomery Curves 30

A.1.3. Group Law for Twisted Edwards Curves 30

A.2.1. Group Law for Weierstrass Curves 31

Appendix B. Relationships Between Curve Models 32

B.1. Mapping Between Twisted Edwards Curves and Montgomery Curves 32

B.2. Mapping Between Montgomery Curves and Weierstrass Curves 33

B.3. Mapping Between Twisted Edwards Curves and Weierstrass Curves 33

B.4. 4-Isogenous Mapping 34

Appendix C. Generation Details for Recommended Elliptic Curves 35

C.1.1. Implementation Security Criteria 35

C.2.1. Weierstrass Curves Over Prime Fields 35

C.2.2. Montgomery Curves 36

C.2.3. Twisted Edwards Curves 37

C.2.4. Weierstrass Curves over Binary Fields 37

C.3.1. Generation of Pseudorandom Curves (Prime Case) 38

C.3.2. Verification of Curve Generation (Prime Case) 39

C.3.3. Generation of Pseudorandom Curves (Binary Case) 40

C.3.4. Verification of Curve Generation (Binary Case) 41

Appendix D. Elliptic Curve Routines 42

D.1.1. Non-binary Curves in Short-Weierstrass Form 42

D.1.2. Montgomery Curves 42

D.1.3. Twisted Edwards Curves 43

D.1.4. Binary Curves in Short-Weierstrass Form 44

D.2.1. Prime Curves in Short-Weierstrass Form 45

D.2.2. Binary Curves in Short-Weierstrass Form 46

Appendix E. Auxiliary Functions 48

Appendix F. Data Conversion 50

F.1. Conversion of a Field Element to an Integer 50

F.2. Conversion of an Integer to a Field Element 50

F.3. Conversion of an Integer to a Bit String 50

F.4. Conversion of a Bit String to an Integer 51

Appendix G. Implementation Aspects 52

G.1.1. Curve P-224 52

G.1.2. Curve P-256 52

G.1.3. Curve P-384 53

G.1.4. Curve P-521 54

G.1.5. Curve25519 54

G.1.6. Curve448 54

G.3.1. Normal Bases 57

G.3.2. Polynomial Basis to Normal Basis Conversion 59

G.3.3. Normal Basis to Polynomial Basis Conversion 59

Appendix H. Other Allowed Elliptic Curves 61

Appendix I. List of Symbols, Abbreviations, and Acronyms 62

Appendix J. Glossary 64

List of Tables

Table 1. Approximate Security Strength of the Recommended Curves 6

Table 2. Allowed Usage of the Specified Curves 7

1. Introduction

2. Overview of Elliptic Curves

$ \mathrm{GF}(p) 上の楕円曲線$ E

3. Recommended Curves for U.S. Federal Government Use

table:単語など

eliptic curve 楕円曲線

prime filed 素体

binary field バイナリ体、2進数体？、標数2上の体？

cardinality

確認用

Q. SP 800-186