"Claudio Orlandi" <[EMAIL PROTECTED]> writes:

>> From reading the Wikipedia page linked below it seems very simple
>> to implement. But if it should be fast, then a library is of course
>> much better than a home-grown Python version.
>
> It's also about security. I would like an implementation that deals,
> at least, with the most common side-channel attacks. Other issues
> are which curve do you use, which kind of point representation, ...

Right, I see what you mean...

I have looked at the libraries listed on these pages:

* http://www.homeport.org/~adam/crypto/table.html
* http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

Some comments:

* Botan (http://botan.randombit.net/): Nice clean C++ code, but
  unfortunately no ECC.

* Crypto++ (http://cryptopp.com/): Typical chaotic Windows C++ code
  with very long lines, a zip file which unpacks to the current
  directory, and a license that is almost-but-not-quite public domain
  (sigh)... On the plus side it supports lots of stuff, including ECC,
  and the ChangeLog mentions security fixes against side-channel
  attacks. The compilation failed on my system with some problems in
  the assembler code, but I'm sure that can be fixed.

* libecc (http://libecc.sourceforge.net/): ECC library in C++ which
  has a bunch of documentation which describes the math behind the
  code.

* OpenSSL (http://openssl.org/): Some ECC support, has a non-standard
  license (not BSD, not (L)GPL or similar) with an advertisement
  clause... There are some Python wrappers for OpenSSL and the
  M2Crypto package exposes an EC module which allows us to do EC DSA:

    http://chandlerproject.org/Projects/MeTooCrypto

  But I guess we want access to efficient arithmetic in the group
  provided by the elliptic curve, right?

There might be other libraries out there, but depending on what we
want the Crypto++ or OpenSSL library seems the most promising.

For Crypto++ we would have to make our own Python bindings. I don't
have any experience with this, but from what I have read about such
bindings this can range from tedious to difficult depending on how the
memory management is done in the library and how directly its objects
can be mapped to Python objects.

> So Micheal used mostly pairing-friendly curves, that is really what
> we don't want here. Anyway, he suggested to have a look at the
> MIRACL library. The problem with this one is that it is not open
> source, it's free just if you use it for fun...

Yeah, so that is not usable for VIFF :-(

-- 
Martin Geisler

_______________________________________________
viff-devel mailing list (http://viff.dk/)
viff-devel@viff.dk
http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
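The thread above contrasts a "home-grown Python version" of the curve arithmetic with a library that handles the most common side-channel attacks. The following is an added illustration, not code from this thread or from VIFF, of what that difference looks like at the scalar-multiplication level: affine point addition on a constructed toy curve y^2 = x^3 + 2x + 3 over F_97 (a textbook example whose generator (3, 6) has order 5), a textbook double-and-add whose number of group operations depends on the bits of the secret scalar, and a Montgomery ladder that performs exactly one addition and one doubling per bit regardless of the scalar. The curve parameters, the point names and the `op_counts` helper are all assumptions made for the example. Note that the modular inverse via `pow(v, -1, p)` and Python's integer arithmetic are themselves not constant-time, which is precisely why a real deployment wants a library with constant-time field arithmetic and projective coordinates rather than this affine sketch.

```python
# Toy short-Weierstrass curve arithmetic over a small prime field.
# Constructed parameters for illustration only; NOT the VIFF project's code.
# Requires Python 3.8+ for pow(v, -1, m).

P_MOD = 97          # field prime (constructed toy parameter)
A, B = 2, 3         # curve y^2 = x^3 + A*x + B over F_97
G = (3, 6)          # generator; on this curve G has order 5 (5*G = INF)
INF = None          # point at infinity (group identity)


def is_on_curve(pt):
    """True if pt is INF or satisfies the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def inv(v):
    """Modular inverse in F_p (not constant-time; illustration only)."""
    return pow(v, -1, P_MOD)


def add(p, q, counter=None):
    """Affine point addition / doubling. counter counts group operations."""
    if counter is not None:
        counter["ops"] += 1
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                              # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD          # tangent slope
    else:
        lam = (y2 - y1) * inv((x2 - x1) % P_MOD) % P_MOD       # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult_naive(k, pt, counter=None):
    """Right-to-left double-and-add: the addition runs only for 1 bits,
    so the operation count (and timing/power trace) leaks the scalar."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend, counter)   # data-dependent step
        addend = add(addend, addend, counter)
        k >>= 1
    return result


def scalar_mult_ladder(k, pt, nbits, counter=None):
    """Montgomery ladder: one addition and one doubling per bit, always.
    Invariant: r[1] - r[0] == pt. Indexing by the bit replaces an if/else;
    a real library would use a constant-time conditional swap here."""
    r = [INF, pt]
    for i in range(nbits - 1, -1, -1):
        bit = (k >> i) & 1
        r[1 - bit] = add(r[0], r[1], counter)   # R[1-b] = R[0] + R[1]
        r[bit] = add(r[bit], r[bit], counter)   # R[b]   = 2 * R[b]
    return r[0]


def op_counts(k, nbits=8):
    """Return (naive_ops, ladder_ops) for scalar k; the ladder count is
    constant (2 * nbits) while the naive count depends on k's bits."""
    c_naive, c_ladder = {"ops": 0}, {"ops": 0}
    scalar_mult_naive(k, G, c_naive)
    scalar_mult_ladder(k, G, nbits, c_ladder)
    return c_naive["ops"], c_ladder["ops"]


if __name__ == "__main__":
    for k in range(8):
        print(k, scalar_mult_ladder(k, G, 8), op_counts(k))
```

Running the block prints k*G for small k and the two operation counts side by side: the naive count varies with the Hamming weight and length of k, the ladder count stays at 16 for every scalar. The multiples cycle with period 5 (5*G is the point at infinity), which doubles as a check that the affine formulas are right.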