文章目录
- 2. Overview of Elliptic Curves
- 2.1 Non-binary Curves
- 2.1.1 Curves in Short-Weierstrass Form
- 2.1.2 Montgomery Curves
- 2.1.3 Twisted Edwards Curves
- 2.2 Binary Curves
- 2.2.1. Curves in Short-Weierstrass Form
- 3. Recommended Curves for U.S. Federal Government Use
- 3.1 Choice of Underlying Fields
- 3.1.2. Choice of Underlying Fields
- 3.1.4 Choice of Curves
- 3.2 Curves Over Prime Fields
- 3.3 Curves Over Binary Fields
2. Overview of Elliptic Curves
一些概念:
- E, an elliptic curve defined over the field GF(q).
- |E| = (q +1) - t
- t, the trace of E over the field GF(q)
- E’, a quadratic twist(二次扭曲) of E
If R is a point on the curve that is also contained in 〈P〉, there is a unique integer k in the interval [0, l−1] so that R = kP, where l is the order of P in E. This number is called the discrete logarithm of R to the base P. The discrete logarithm problem is the problem of finding the discrete logarithm of R to the base P for any two points P and R on the curve, if such a number exists.
2.1 Non-binary Curves
2.1.1 Curves in Short-Weierstrass Form
维尔斯特拉斯形式曲线
Let GF(q) denote the finite field with q elements, where q is an odd prime power and is not
divisible by three.
Wa,b 代表这类曲线。
4 a 3 + 27 b 2 ≠ 0 m o d P y 2 = x 3 + a x + b m o d P a , b ∈ G F ( P ) 4a^3+27b^2\ne 0 \mod P \\ y^2=x^3+ax+b \mod P \\ a,b\in GF(P) 4a3+27b2=0modPy2=x3+ax+bmodPa,b∈GF(P)
A Seed value may be used to generate the parameters a and b as described in Appendix C.2.1.1
2.1.2 Montgomery Curves
蒙哥马利曲线
Ma,b 代表这类曲线
M A , B : B v 2 = u ( u 2 + A u + 1 ) A ≠ ± 2 B ≠ 0 M_A,_B : B v^2 = u (u^2 + A u + 1) \\ A \neq \pm 2 \\ B \neq 0 MA,B:Bv2=u(u2+Au+1)A=±2B=0
2.1.3 Twisted Edwards Curves
扭曲爱德华兹曲线
Ea,d 代表这类曲线
a x 2 + y 2 = 1 + d x 2 y 2 d ≠ 0 a ≠ d a x^2 + y^2 = 1+ d x^2 y^2 \\ d \neq 0 \\ a \neq d ax2+y2=1+dx2y2d=0a=d
and a is a square in GF(q) while d is not.
An Edwards curve is a twisted Edwards curve with a = 1
2.2 Binary Curves
2.2.1. Curves in Short-Weierstrass Form
Ba,b代表这类曲线
GF(q)代表有q个元素的有限域,q=2m
y 2 + x y = x 3 + a x 2 + b y^2 + xy = x^3+ a x^2 + b y2+xy=x3+ax2+b
3. Recommended Curves for U.S. Federal Government Use
3.1 Choice of Underlying Fields
3.1.2. Choice of Underlying Fields
| Specified Curves | Allowed Usage |
|---|---|
| K-233, B-233 K-283, B-283 K-409, B-409 K-571, B-571 | Deprecated |
| P-224 P-256 P-384 P-521 | ECDSA, EC key establishment (see [SP_800-56A]) |
| Edwards25519 Edwards448 | EdDSA |
| Curve25519, W-25519 Curve448, E448, W-448 | Alternative representations included for implementation flexibility. Not to be used for ECDSA or EdDSA directly |
Security Strength
| Security Strength | Recommended Curves |
|---|---|
| 112 | P-224, K-233, B-233 |
| 128 | P-256, W-25519, Curve25519, Edwards25519, K-283, B-283 |
| 192 | P-384, K-409, B-409 |
| 224 | W-448, Curve448, Edwards448, E448 |
| 256 | P-521, K-571, B-571 |
3.1.4 Choice of Curves
Two kinds of curves are given:
- Pseudorandom curves, coefficients = hash(seed). Appendix C.3
- Special curves, whose coefficients and underlying fields have been selected to
optimize the efficiency of the elliptic curve operations.
3.2 Curves Over Prime Fields
这一部分介绍了各种素域上的曲线。
3.3 Curves Over Binary Fields
Deprecated
