projects / u / mdw / catacomb / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3cf9108) | patch
ec-info: Better checking of embedding degrees.
authorMark Wooding <mdw@distorted.org.uk>
Tue, 20 Feb 2007 17:32:07 +0000 (17:32 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Fri, 23 Feb 2007 14:24:49 +0000 (14:24 +0000)
commit61a0271a91d0019def76775ed5d1285cfd3a2fe5
tree0550ee939f5dbe1c499f24f8839cba6326e73568tree | snapshot (tar.gz zip)
parent3cf910802dbd1358ec4bcd934676f7d528a8295ecommit | diff
ec-info: Better checking of embedding degrees.

Replace the rather cheap embedding degree check with a more
sophisticated analysis.

  * Use the new key-size conversions from keysz-conv.c to determine a
    suitable embedding degree.

  * Following L. Hitt's paper, we ensure that no field with the same
    characteristic as the curve field is sufficiently small to cause
    concern; the old algorithm just checked extensions of the curve
    field, which can miss the smallest possible target field.

  * This involves a rather fancy algorithm which partially factors the
    curve order r - 1, making use of the new prime iteration code.

Still to do on this:

  * Work out how to identify curves where pairings will help an attacker
    solve the DDH problem.

  * Provide a mechanism for passing parameters to checking functions.
ec-info.c diff | blob | blame | history
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)