From f425d0ef1fcdad30ae7be544cb30304a71300133 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 14 Nov 2023 13:35:58 +0100 Subject: Add NSS. --- docs/libraries.rst | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 92 insertions(+), 1 deletion(-) (limited to 'docs/libraries.rst') diff --git a/docs/libraries.rst b/docs/libraries.rst index e5264ee..a7aa1e2 100644 --- a/docs/libraries.rst +++ b/docs/libraries.rst @@ -793,6 +793,97 @@ Verify: NSS === +| Version: ``3.94`` +| Repository: https://hg.mozilla.org/projects/nss +| Docs: + + +Primitives +---------- + +ECDH, ECDSA, also x25519. + +Two ECMethods: + - Curve25519 + - 32-bit -> own impl + - 64-bit -> HACL* + - P-256 from HACL* + +Several ECGroups: + - generic ``ECGroup_consGFp`` + - Montgomery arithmetic ``ECGroup_consGFp_mont`` + - P-256 + - P-384 from ECCkiila + - P-521 from ECCkiila + +The ECMethods override the scalarmult of the ECGroups in: + - ``ec_NewKey`` via ``ec_get_method_from_name`` and then calling the ``method.mul``. + - ``EC_ValidatePublicKey`` via ``ec_get_method_from_name`` and then calling the ``method.validate``. + - ``ECDH_Derive`` via ``ec_get_method_from_name`` and then calling the ``method.mul``. + - ``ECDSA_SignDigest`` and ``ECDSA_SignDigestWithSeed`` via ``ec_SignDigestWithSeed``, then ``ec_get_method_from_name`` and then calling the ``method.mul``. + + +P-256 from HACL* +^^^^^^^^^^^^^^^^ + +KeyGen: + - Short-Weierstrass + - Fixed Window (width = 4)? points to https://eprint.iacr.org/2013/816.pdf? via ``ec_secp256r1_pt_mul -> (Hacl*) Hacl_P256_dh_initiator -> point_mul_g`` + - projective-3 coords. + - `add-2015-rcb`, `dbl-2015-rcb-3` + +Derive: + - Same as KeyGen. + +Sign: + - Same as Keygen. + +Verify: + - Short-Weierstrass + - Multi-scalar simultaneous Fixed Window + - Same coords and formulas as KeyGen. + +P-384 +^^^^^ + +KeyGen: + - Short-Weierstrass + - Comb from ecckiila: ``EC_NewKeyFromSeed -> ec_NewKey -> ec_points_mul -> ECPoints_mul -> ecgroup.points_mul -> point_mul_two_secp384r1_wrap -> point_mul_g_secp384r1_wrap -> point_mul_g_secp384r1 -> fixed_smul_cmb``. + - projective-3 coords. + - `dbl-2015-rcb-3`, `madd-2015-rcb-3` also `add-2015-rcb` in point_add_proj. + +Derive: + - Short-Weierstrass + - Regular Window NAF (width = 5) from ecckiila: ``ECDH_Derive -> ec_points_mul -> ECPoints_mul -> ecgroup.points_mul -> point_mul_secp384r1_wrap -> point_mul_secp384r1 -> var_smul_rwnaf``. + - projective-3 coords. + - `dbl-2015-rcb-3`, `add-2015-rcb`. + +Sign: + - Same as KeyGen. + +Verify: + - Short-Weierstrass + - Interleaved multi-scalar window NAF (width = 5) with Shamir's trick from ecckiila: ``ECDSA_SignDigest -> ECDSA_SignDigestWithSeed -> ec_SignDigestWithSeed -> ec_points_mul -> ECPoints_mul -> ecgroup.points_mul -> point_mul_two_secp384r1_wrap -> point_mul_two_secp384r1 -> var_smul_wnaf_two`` + - projective-3 coords. + - `dbl-2015-rcb-3`, `madd-2015-rcb-3` also `add-2015-rcb` in point_add_proj. + +P-521 +^^^^^ + +Same as P-384. + +x25519 +^^^^^^ + +KeyGen: + - Montgomery + - Montgomery ladder via ``-> ec_Curve25519_pt_mul -> ec_Curve25519_mul``. + - xz coords + - Unknown ladder formula + +Derive: + - Same as KeyGen. + libsecp256k1 ============ @@ -810,7 +901,7 @@ ECDH KeyGen: - Short-Weierstrass - - `Fixed findow with full precomputation `__ via ``secp256k1_ec_pubkey_create -> secp256k1_ec_pubkey_create_helper -> secp256k1_ecmult_gen``. Window of size 4. + - `Fixed window with full precomputation `__ via ``secp256k1_ec_pubkey_create -> secp256k1_ec_pubkey_create_helper -> secp256k1_ecmult_gen``. Window of size 4. - Uses scalar blinding. - `Jacobian version of add-2002-bj `__ (via ``secp256k1_gej_add_ge``). - No doubling. -- cgit v1.2.3-70-g09d2