From: Mark Wooding Date: Mon, 19 May 2014 15:49:22 +0000 (+0100) Subject: math/ectab.in: Add the BADA55 curves by Bernstein et al. X-Git-Tag: 2.1.7~4 X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/a5591f917bd97e7b0874ee0f1fb158681382ae3e math/ectab.in: Add the BADA55 curves by Bernstein et al. --- diff --git a/math/ectab.in b/math/ectab.in index afcd472c..9665050e 100644 --- a/math/ectab.in +++ b/math/ectab.in @@ -768,4 +768,64 @@ curve brainpool-p512t1 prime gx 0x640ece5c12788717b9c1ba06cbc2a6feba85842458c56dde9db1758d39c0313d82ba51735cdb3ea499aa77a7d6943a64f7a3f25fe26f06b51baa2696fa9035da gy 0x5b534bd595f5af0fa2c892376c84ace1bb4e3019b71634c01131159cae03cee9d9932184beef216bd71df2dadf86a627306ecff96dbb8bace198b61e00f8b332 +#----- BADA55 curves -------------------------------------------------------- +# +# These are from http://safecurves.cr.yp.to/bada55.html. The twist security +# properties actually seem useful, so I'm including them here, despite the +# fact that they were obviously made primarily to make a point about +# `verifiably random' curves. +# +# I've had to choose generators myself; in each case, I chose the smallest +# possible x-coordinate, and the smaller possible y-coordinate for that x. + +curve bada55-vr-224 niceprime + p 0xffffffffffffffffffffffffffffffff000000000000000000000001 + a 0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe + b 0xfd9ca54c0738b8a6fb8cf4cdb328e75983d6da1b78b6223463375562 + r 0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079 + h 1 + gx 3 + gy 0x32e826f050bdf4c3f4292fa4efa50146b0fd3f342da5e081badbc36c + +curve bada55-vpr-224 niceprime + p 0xffffffffffffffffffffffffffffffff000000000000000000000001 + a 0x8110b017fda88a224f3f64f3964926308dec9784b13c08f09f4ffc4a + b 0x5587342f92ba3091a9ba09ad867f4cef85778edb831054f9cb5b3ed5 + r 0xffffffffffffffffffffffffffff473fa5d3e9bf40a95a8d3f014add + h 1 + gx 0 + gy 0x5bf50773d4af0f3caba87919b7504fcbd4549f9f845d19aa369dbabe + +curve bada55-vpt-224 niceprime + # The page doesn't provide an isomorphic curve with a = -3, which is + # unsurprising because (unlike the real Brainpool curves) there isn't one. + # So this is the quadratic twist of BADA55-VPR-224, which (by construction) + # also has prime order. + #Z sqrt(39bef747a58ef82f6d337dd7dfd37641688b10cacfbd45448673c6dd) + p 0xffffffffffffffffffffffffffffffff000000000000000000000001 + a 0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe + b 0x3c1f1d26b674d3a1a0a34a808decd83dea4fd207b9896a88031ef63a + r 0x10000000000000000000000000000b8be5a2c1640bf56a572c0feb527 + h 1 + gx 3 + gy 0x2df5bbdfd22559ee826d7d3ce60914e4f8609579eddd3c0a07dff90c + +curve bada55-vr-256 niceprime + p 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff + a 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc + b 0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c + r 0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91 + h 1 + gx 0 + gy 0x5310d24619c2e5b721e14dcedc3332d0be3ce9347161ebbc14a43fc7fad546d2 + +curve bada55-vr-384 niceprime + p 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff + a 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc + b 0xbada55ec3be2ad1f9eeea5881ecf95bbf3ac392526f01d4cd13e684c63a17cc4d5f271642ad83899113817a61006413d + r 0xfffffffffffffffffffffffffffffffffffffffffffffffeefe1169b82ff7e5032c683f766fae57359cfc5fc25ffce37 + h 1 + gx 2 + gy 0x37d4cb922a8a155845ae2b2884c788a01a22fbf621a7918dc1f18a89fad6df0ab3169acfa538eb7c6c1c9cda7cfb5023 + #----- That's all, folks-----------------------------------------------------