[apple/security.git] / OSX / libsecurity_cryptkit / lib / CurveParamDocs / README

TOOLS for Apple-CryptKit curve generation/testing.
24 Apr 2001 REC

The state-of-the-art in ECC (elliptic-curve cryptography)
is in a well known mode of imperfection.  For example,
it is very easy to generate CM (complex-multiplication)
curves, with known order and parameters; yet, it is suspected
by some (though unproven in any sense of rigor)
that better security accrues if curves are entirely
"random" in the sense of random base prime p, and random (a,b)
under minimal constraints such as prime curve order, etc.
Thus the collection of this Directory is a potpourri of
various tools, including a Schoof implementation (schoof.c, 
schoofs.c) for arbitrary curves.  As expected, said implementation
is very slow, yet we have used it for some of the current
CryptKit curves, while for other curves we have used the
fast CM methods, and for yet other curves we have borrowed
recommended parameters from other investigators.

Contained in this Directory are various C sources:

* curvegen.c, curvegenFEE.c
  Utility for generating CM curves, links to other sources
  as shown in comment atop source.

* factor.c
  Utility for factoring such as curve orders;
  see comment atop source.

* giants.c, ellproj.c, fmodule.c, tools.c
  Number-theoretical library sources, having standard and
  some ECC-specific tools.

* schoof.c, shoofs.c
  Curve-order finder, using the celebratd Schoof algorithm
  When run, you input p, a, b (Weierstrass parameterization)
  and out comes the curve order, sometimes after a very long
  wait.  The source schoofs.c is a "sieving Schoof" method
  as explained in the References below, for finding curves
  of prime-or-nearly-prime order (along with the same constraint
  for twists).

together with Mathematica sources:

* curverecords.nb
  A program to test current CryptKit points/orders.

* FEED affine.nb, FEEDsansY.nb
  Programs for testing FEED, in particular the integrity of
  any choice for x1Minus (a coordinate for the twist curve).

References

Crandall R and Pomerance C, "Prime numbers: a computational perspective," Springer-Verlag, 2001.

Crandall, R. E., U.S. Patents #5159632 (1992), #5271061 (1993),
    #5463690 (1994), "Method and apparatus for public key exchange in 
    a cryptographic system."

Crandall, R. E. 1996 U. S. Patent #5581616, "Method and apparatus
    for Digital Signature Authentication."
Commit	Line	Data
b1ab9ed8 A	1	TOOLS for Apple-CryptKit curve generation/testing.
	2	24 Apr 2001 REC
	3
	4	The state-of-the-art in ECC (elliptic-curve cryptography)
	5	is in a well known mode of imperfection. For example,
	6	it is very easy to generate CM (complex-multiplication)
	7	curves, with known order and parameters; yet, it is suspected
	8	by some (though unproven in any sense of rigor)
	9	that better security accrues if curves are entirely
	10	"random" in the sense of random base prime p, and random (a,b)
	11	under minimal constraints such as prime curve order, etc.
	12	Thus the collection of this Directory is a potpourri of
	13	various tools, including a Schoof implementation (schoof.c,
	14	schoofs.c) for arbitrary curves. As expected, said implementation
	15	is very slow, yet we have used it for some of the current
	16	CryptKit curves, while for other curves we have used the
	17	fast CM methods, and for yet other curves we have borrowed
	18	recommended parameters from other investigators.
	19
	20	Contained in this Directory are various C sources:
	21
	22	* curvegen.c, curvegenFEE.c
	23	Utility for generating CM curves, links to other sources
	24	as shown in comment atop source.
	25
	26	* factor.c
	27	Utility for factoring such as curve orders;
	28	see comment atop source.
	29
	30	* giants.c, ellproj.c, fmodule.c, tools.c
	31	Number-theoretical library sources, having standard and
	32	some ECC-specific tools.
	33
	34	* schoof.c, shoofs.c
	35	Curve-order finder, using the celebratd Schoof algorithm
	36	When run, you input p, a, b (Weierstrass parameterization)
	37	and out comes the curve order, sometimes after a very long
	38	wait. The source schoofs.c is a "sieving Schoof" method
	39	as explained in the References below, for finding curves
	40	of prime-or-nearly-prime order (along with the same constraint
	41	for twists).
	42
	43	together with Mathematica sources:
	44
	45	* curverecords.nb
	46	A program to test current CryptKit points/orders.
	47
	48	* FEED affine.nb, FEEDsansY.nb
	49	Programs for testing FEED, in particular the integrity of
	50	any choice for x1Minus (a coordinate for the twist curve).
	51
	52	References
	53
	54	Crandall R and Pomerance C, "Prime numbers: a computational perspective," Springer-Verlag, 2001.
	55
	56	Crandall, R. E., U.S. Patents #5159632 (1992), #5271061 (1993),
	57	#5463690 (1994), "Method and apparatus for public key exchange in
	58	a cryptographic system."
	59
	60	Crandall, R. E. 1996 U. S. Patent #5581616, "Method and apparatus
	61	for Digital Signature Authentication."
	62