Skip to content

mirage-crypto-ec: add Brainpool curves with 254/384/512 bits #260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

mirage-crypto-ec: add Brainpool curves with 254/384/512 bits #260

wants to merge 5 commits into from

Conversation

ansiwen
Copy link
Contributor

@ansiwen ansiwen commented Mar 10, 2025

This change adds the Brainpool curves, namely brainpoolP254r1,
brainpoolP384r1, brainpoolP512r1. The implementation internally uses the
twisted versions of the curves (...t1) in order to use the same a=-3 EC
arithmetic as the NIST curves. Point coordinates in regular form are
transformed to twisted form before calculations, and vice versa afterwards.

Based on: #259, merge that first

ansiwen added 4 commits March 5, 2025 01:38
@ansiwen
mirage-crypto-ec: restructure mirage_crypto_ec.ml for SECP256K1
c156b39 
This change modularizes the point representation in preparation for the
SECP256K1 implementation, which is based on ECCKiila and uses a different
point representation.
@ansiwen
mirage-crypto-ec: implementation of SECP256K1
2a72233 
This change implements the SECP256K1 curve (also known as the Bitcoin
curve).
 - field primitives are generated by the fiat-crypto project[1]
 - point primitives are generated by the ECCKiila project[2]
 - Ocaml point operations are taken from NIST implementation, adapted to
   ECCKiila point primitives and optimized for a=0.
 - testvectors for ECDH and ECDSA verification from wycheproof[3]

Closes: mirage#187

[1] https://github.com/mit-plv/fiat-crypto
[2] https://gitlab.com/nisec/ecckiila
[3] https://github.com/C2SP/wycheproof
@ansiwen
mirage-crypto-ec: make gen_tables independent of host architecture
e3b3b67
@ansiwen
mirage-crypto-ec: add a transform layer in preparation for twisted cu…
3495beb 
…rves
@ansiwen ansiwen force-pushed the brainpool branch 2 times, most recently from a10936b to 1a26204 Compare March 10, 2025 17:59
@ansiwen ansiwen marked this pull request as ready for review March 10, 2025 18:32
@ansiwen
Copy link
Contributor Author

ansiwen commented Mar 10, 2025

Setting to "ready for review" although some CI tests are failing. Not sure why. Any clue how this can happen, but only for 4.14.2 on ubuntu and windows? Is there maybe a cache issue (because the file was indeed missing before)?

@ansiwen
Copy link
Contributor Author

ansiwen commented Jul 1, 2025

Setting to "ready for review" although some CI tests are failing. Not sure why. Any clue how this can happen, but only for 4.14.2 on ubuntu and windows? Is there maybe a cache issue (because the file was indeed missing before)?

Answering myself: Mac is case-insensitive, and the files in test_ec_wycheproof.ml had lower-case p.

@ansiwen
mirage-crypto-ec: add Brainpool curves with 254/384/512 bits
504e347 
This change adds the Brainpool curves, namely brainpoolP254r1,
brainpoolP384r1, brainpoolP512r1.  The implementation internally uses the
twisted versions of the curves (...t1) in order to use the same a=-3 EC
arithmetic as the NIST curves.  Point coordinates in regular form are
transformed to twisted form before calculations, and vice versa afterwards.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ansiwen