Diffstat (limited to 'docs/LIBS.md')
-rw-r--r-- docs/LIBS.md 45
1 files changed, 33 insertions, 12 deletions
diff --git a/docs/LIBS.md b/docs/LIBS.md
index 00dcaaf..d41f98a 100644
--- a/docs/LIBS.md
+++ b/docs/LIBS.md
@@ -3,15 +3,16 @@
Popular libraries with at least some ECC support:
- [NSS](https://hg.mozilla.org/projects/nss)
- - [libgcrypt](https://www.gnupg.org/related_software/libgcrypt/)
- [mbedTLS](https://tls.mbed.org/)
+ - [LibreSSL](https://www.libressl.org/)
- [Nettle](http://www.lysator.liu.se/~nisse/nettle/)
- [OpenSSL (FIPS mode)](https://www.openssl.org/docs/fipsnotes.html)
- - [BoringSSL](https://boringssl.googlesource.com/boringssl)
- [Microsoft .NET crypto](https://docs.microsoft.com/en-us/dotnet/standard/security/cryptography-model)
# Supported libraries
+Libraries that ECTester can test.
+
- [BouncyCastle](https://bouncycastle.org/java.html)
- Java
- Works with the short Weierstrass curve model.
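Review bot: the lead-in of the first list, "Popular libraries with at least some ECC support:", still does not say what separates it from the section below, even though this hunk moves libgcrypt and BoringSSL out of it and adds LibreSSL to it. The new line "Libraries that ECTester can test." states the purpose of the second section, so give the first list a matching sentence saying that these libraries are not tested by ECTester, otherwise a reader cannot tell why LibreSSL is listed apart from OpenSSL and BoringSSL.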
@@ -54,6 +55,8 @@ Popular libraries with at least some ECC support:
- Uses Lopez-Dahab (Montgomery) ladder, XZ coordinates (ec2_mont.c): Fast multiplication on elliptic curves over GF(2^m) without precomputation (Algorithm 2P)
- Contains an implementation of IEEE P1363 algorithm A.10.3 using affine coordinates (ec2_aff.c)
- Has some custom arithmetic for some of the NIST primes.
+ - [WolfCrypt](https://www.wolfssl.com)
+ - C + Java
- [OpenSSL](https://www.openssl.org/)
- C
- For prime field curves:
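Review bot: the new WolfCrypt entry carries only "C + Java" and none of the detail the neighbouring entries give (supported field types, curve model, coordinate system, scalar multiplication algorithm). Either add those lines or mark the entry as not yet analysed, and say what "C + Java" means here, since the other entries name a single implementation language. The link also points at the wolfSSL home page rather than at anything specific to wolfCrypt.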
@@ -61,23 +64,41 @@ Popular libraries with at least some ECC support:
- Also uses multiplication with precomputation by wNAF splitting(ec_mult.c)
- For binary field curves:
- Uses Jacobian coordinates, and Lopez-Dahab ladder, also uses wNAF-based interleaving multi-exponentiation method(ec2_smpl.c)
- - [Botan](https://botan.randombit.net/)
- - C++
- - Uses blinded(randomized) Montgomery ladder.
- - <https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2>
- - <https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc>
- - <https://eprint.iacr.org/2015/657>
- - ECTester supports v2.4.0 and up.
- - [libtomcrypt](http://www.libtom.net/LibTomCrypt/)
+ - [BoringSSL](https://boringssl.googlesource.com/boringssl)
- C
- - Uses Jacobian coordinates.
- - Sliding window scalar multiplication algorithm.
+ - Supports prime field curves only:
+ - Use Jacobian coordinates, and Montgomery ladder, also uses optimized arithmetic on NIST P-224, P-256.
+ - Bundled as a git submodule in `ext/boringssl`. To build and use run:
+```bash
+cd ext/boringssl
+mkdir build && cd build
+cmake -DBUILD_SHARED_LIBS=1 -GNinja ..
+ninja
+```
- [Crypto++](https://cryptopp.com/)
- C++
- For prime field curves:
- Uses projective coordinates and sliding window scalar multiplication algorithm.
- For binary field curves:
- Uses affine coordinates and sliding window scalar multiplication algorithm.
+ - [libtomcrypt](http://www.libtom.net/LibTomCrypt/)
+ - C
+ - Uses Jacobian coordinates.
+ - Sliding window scalar multiplication algorithm.
+ - [libgcrypt](https://www.gnupg.org/related_software/libgcrypt/)
+ - C
+ - Only supports prime field curves.
+ - Uses short Weierstrass, Montgomery and Twisted Edwards models.
+ - Uses left-to-right double-and-add always scalar multiplication and Jacobian coordinates in short Weierstrass form.
+ - Uses Montgomery ladder and X-only in Montgomery form.
+ - Uses left-to-right double-and-add always scalar multiplication in Twisted Edwards form.
+ - [Botan](https://botan.randombit.net/)
+ - C++
+ - Uses blinded(randomized) Montgomery ladder.
+ - <https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2>
+ - <https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc>
+ - <https://eprint.iacr.org/2015/657>
+ - ECTester supports v2.4.0 and up.
- [Microsoft CNG](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx)
- C API.
- Closed source.
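Review bot: the BoringSSL build steps begin with `cd ext/boringssl` but never say to fetch the submodule, so on a clone made without `--recursive` that directory is empty and the `cmake` step fails; add a `git submodule update --init` step before the `cd`. The sentence "To build and use run:" promises usage, yet the commands stop at `ninja` and do not say how ECTester finds the resulting shared library. As shown, the fence lines also start at column 0 while the surrounding text is a nested list item, which ends the list in most Markdown renderers; indent the fence to the level of the "Bundled as a git submodule" item. Smaller points: "Use Jacobian coordinates" should read "Uses" to match the other entries, and unlike the Botan entry ("ECTester supports v2.4.0 and up.") the re-added libgcrypt and libtomcrypt entries give no minimum supported version.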