On Wed, Feb 18, 2015 at 09:19:32PM -0700, Peter Saint-Andre - &yet wrote:
> >Section 4.4. "Modular vs. Elliptic Curve"
> >
> >I think that "finite field" or "modp" are more common than "modular".
>
> I have been told that elliptic curves are also finite fields, but I am not a
> cryptographer.
Elliptic Curves are not Finite Fields. Elliptic curves can be
defined over finite fields, but the points on the curve constitute
only an Abelian (commutative) group, not a field.
In fact, the phrase "modular" would be unfortunate in this context,
because with Elliptic Curves in takes on a completely different
meaning (see Wikipedia entry on the "Modularity Theorem").
So I support a change of terminology to "modp", since with DHE only
the fields $F_p$ with $p$ a prime are used, and in fact the DH
algorithm only uses the multiplicative (mod p) group structure of
the non-zero elements of the field (which form an Abelian group
with p-1 elements).
With modp DHE and with Elliptic Curves one looks for the number of
elements in the resulting group to be a small multiple of a prime
$q$, and then an element (generator or base point) is chosen which
generates a subgroup of size $q$.
With DHE typically that multiple (or "cofactor") is 2, and primes
$p$ where $p-1$ is equal to $2q$ with $q$ also prime are called
"safe", with $q$ called a Sophie-Germain prime. If $q$ is 11 modulo
12 (or equivalently $p$ is 23 mod 24) then the generator can be
chosen to be 2. So DHE in practice uses exactly this type of prime.
With Elliptic Curves the "cofactor" is often 4 or 8.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
