At Wed, 13 Jan 2016 21:30:33 +0300, Pavel Shatov wrote:
>
> On 13.01.2016 20:00, Russ Housley wrote:
> > I'm assuming that we are only supporting a few well-known curves.
> > Therefore, you need to provide some form of identifier for the curve, but
> > the actual parameters can be inside the FPGA.
>
> Well, yes, since our primary use case is DNSSEC, the two curves I'm
> working on are P-256 and P-384. Thanks for the identifier idea!
That's essentially what the C implementation does, see the
hal_curve_name_t enum typedef in sw/libhal/hal.h.
> > I see no problem treating "mu" as a curve parameter.
Note that there's another (much smaller) Montgomery parameter "rho"
("mu" is the "Montgomery normalization factor", "rho" is the
"Montgomery reduction value"). Both Montgomery parameters are derived
from the field modulus, and the C implementation stores both of them
with the curve parameters.
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
