| author | J08nY | 2023-10-25 15:55:33 +0200 |
|---|---|---|
| committer | J08nY | 2023-10-25 15:55:33 +0200 |
| commit | fb641510ff53b93460e764061407f975cb790e43 (patch) | |
| tree | 9972f8616094cc6c2bd75e0bc016a1e5e7af4540 /docs/libraries.rst | |
| parent | 344b6bde5cad1884ac2900d12a3fe84cd168f800 (diff) | |
Diffstat (limited to 'docs/libraries.rst')
| -rw-r--r-- | docs/libraries.rst | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/docs/libraries.rst b/docs/libraries.rst new file mode 100644 index 0000000..292d4bc --- /dev/null +++ b/docs/libraries.rst 
@@ -0,0 +1,124 @@ +================ +ECC in Libraries +================ + +BouncyCastle +============ + +| Version: ``1.76`` (tag r1rv76) +| Repository: https://github.com/bcgit/bc-java/ +| Docs: https://bouncycastle.org/docs/docs1.8on/index.html + +Primitives +---------- + +Supports short-Weierstrass curves for the usual (ECDSA, ECDH). +Supports X25519, Ed25519. +Also more exotic stuff like ECMQV, GOST key exchange and signatures +and lots of others. + +Lots of `scalarmults <https://github.com/bcgit/bc-java/tree/r1rv76/core/src/main/java/org/bouncycastle/math/ec>`_ available: + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/FixedPointCombMultiplier.java>`_ + - `GLV <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/GLVMultiplier.java>`_ + - `Window NAF L2R <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/WNafL2RMultiplier.java>`_ + - `Window "tau" NAF <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java>`_ + +Several `coordinate systems <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L27>`_ supported: + - Affine + - Projective (Homogenous) + - Jaobian + - Jacobian-Chudnovsky + - Jacobian-Modified + - Lambda-Affine? (binary-field curves only) + - Lambda-Projective? (binary-field curves only) + - Skewed? (binary-field curves only) + +Some curve-custom code in: +https://github.com/bcgit/bc-java/tree/r1rv76/core/src/main/java/org/bouncycastle/math/ec/custom/sec +Specifically, fast-prime modular reduction for SECG curves, and (weirdly) a short-Weierstrass implementation of Curve25519. + +Ed25519 based on `Mike Hamburg's work <https://eprint.iacr.org/2012/309.pdf>`_. 
+ +ECDH +^^^^ + +KeyGen: + - Short-Weierstrass + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java#L94>`_ via ``ECKeyPairGenerator.generateKeyPair -> ECKeyPairGenerator.createBasePointMultiplier``. + - `Jacobian-Modified <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L676>`_ via ``ECCurve.FP_DEFAULT_COORDS``. + SECP curves use Jacobian, SECT curves use Lambda-Projective. + - Formulas unknown. + +Derive: + - Short-Weierstrass + - `GLV if possible, else Window NAF <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L154>`_ via ``ECDHBasicAgreement.calculateAgreement -> ECPoint.multiply -> ECCurve.getMultiplier -> ECCurve.createDefaultMultiplier``. + - `Jacobian-Modified <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L676>`_ via ``ECCurve.FP_DEFAULT_COORDS``. + SECP curves use Jacobian, SECT curves use Lambda-Projective. + - Formulas unknown. + +ECDSA +^^^^^ + +KeyGen: + - Short-Weierstrass + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java#L94>`_ via ``ECKeyPairGenerator.generateKeyPair -> ECKeyPairGenerator.createBasePointMultiplier``. + - `Jacobian-Modified <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L676>`_ via ``ECCurve.FP_DEFAULT_COORDS``. + SECP curves use Jacobian, SECT curves use Lambda-Projective. + - Formulas unknown. + +Sign: + - Short-Weierstrass + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java#L237>`_ via + ``ECDSASigner.generateSignature -> ECDSASigner.createBasePointMultiplier``. 
+ - `Jacobian-Modified <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L676>`_ via ``ECCurve.FP_DEFAULT_COORDS``. + SECP curves use Jacobian, SECT curves use Lambda-Projective. + - Formulas unknown. + +Verify: + - Short-Weierstrass + - `Multi-scalar GLV if possible, else multi-scalar Window NAF with Shamir's trick <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java#L72>`_ via ``ECDSASigner.verifySignature -> ECAlgorithms.sumOfTwoMultiples``. + - `Jacobian-Modified <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L676>`_ via ``ECCurve.FP_DEFAULT_COORDS``. + SECP curves use Jacobian, SECT curves use Lambda-Projective. + - Formulas unknown. + +X25519 +^^^^^^ + +KeyGen: + - Twisted-Edwards + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc8032/Ed25519.java#L92>`_ via + ``X25519.generatePublicKey -> X25519.scalarMultBase -> Ed25519.scalarMultBaseYZ -> Ed25519.scalarMultBase``. + - Many coordinate systems: Extended, half-Niels, affine. + - Some HWCD formulas are used. + +Derive: + - Montgomery + - `Ladder <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java#L93>`_ via + ``X25519.calculateAgreement -> X25519.scalarMult``. + - `xz <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java#L68>`_. + - `dbl-1987-m-3 <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java#L73>`_ and + some `ladd-1987 <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java#L111>`_ formula. 
+ +Ed25519 +^^^^^^^ + +KeyGen: + - Twisted-Edwards + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc8032/Ed25519.java#L92>`_ via + ``Ed25519.generatePublicKey -> Ed25519.scalarMultBaseEncoded -> Ed25519.scalarMultBase``. + - Many coordinate systems: Extended, half-Niels, affine. + - Some HWCD formulas are used. + +Sign: + - Twisted-Edwards + - `Comb <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc8032/Ed25519.java#L92>`_ via + ``Ed25519.sign -> Ed25519.implSign -> Ed25519.scalarMultBaseEncoded -> Ed25519.scalarMultBase``. + - Many coordinate systems: Extended, half-Niels, affine. + - Some HWCD formulas are used. + +Verify: + - Twisted-Edwards + - `Multi-scalar Window-NAF with Straus's trick <https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc8032/Ed25519.java#L1329>`_ via + ``Ed25519.verify -> Ed25519.implVerify -> Ed25519.scalarMultStraus128Var``. + - Many coordinate systems: Extended, half-Niels, affine. + - Some HWCD formulas are used. |
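Review bot: The coordinate-systems list under BouncyCastle > Primitives has two spelling errors, "Jaobian" (should be "Jacobian") and "Homogenous" (should be "Homogeneous"), and three entries that still end in "?" (Lambda-Affine, Lambda-Projective, Skewed); either confirm those names against the linked ECCurve.java or say what is uncertain about them. In the ECDH and ECDSA entries, the bullet "Jacobian-Modified ... via ECCurve.FP_DEFAULT_COORDS" is followed directly by "SECP curves use Jacobian, SECT curves use Lambda-Projective" with no statement of which curves the default then applies to; a sentence naming where the per-curve choice is made would remove the apparent contradiction. "Formulas unknown." appears in all five short-Weierstrass entries, and "Some HWCD formulas are used." in every Twisted-Edwards entry, without saying which formulas; since the X25519 Derive entry does name dbl-1987-m-3 and ladd-1987, consider marking the others as explicit TODOs so readers do not take them as final findings. The ECDH KeyGen and ECDSA KeyGen blocks are identical, so one could reference the other to keep them from drifting apart.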
