generated at
SP 800-186, Discrete Logarithm-Based Crypto: Elliptic Curve Parameters
SP 800-186, Discrete Logarithm-Based Crypto: Elliptic Curve Parameters | CSRC

楕円曲線暗号(ECC)のやつ。
ECDSAECDHは楕円曲線暗号(ECC)が含まれている
楕円曲線上の離散対数問題(EC-DLP)
出てくる楕円曲線
ワイエルシュトラス型楕円曲線
モンゴメリ型楕円曲線
捻じれエドワーズ曲線
ed25519

グループ
Crypto Forum Research Group (CFRG)
Internet Engineering Task Force (IETF)

認証プログラム
Cryptographic Algorithm Validation Program (CAVP)
Cryptographic Module Validation Program (CMVP)

目次
Table of Contents Executive Summary1
Introduction
2 Overview of Elliptic Curves4
2.1.1. Curves in Short-Weierstrass Form4
2.1.2. Montgomery Curves4
2.1.3. Twisted Edwards Curves5
2.2.1. Curves in Short-Weierstrass Form5
Recommended Curves for U.S. Federal Government Use6
3.1.1. Choice of Key Lengths6
3.1.2. Choice of Underlying Fields6
3.1.3. Choice of Basis for Binary Fields7
3.1.4. Choice of Curves8
3.2.1. Weierstrass Curves9
3.2.2. Montgomery Curves15
3.2.3. Twisted Edwards Curves17
3.3.1. Koblitz Curves21
3.3.2. Pseudorandom Curves24
References28
Appendix A. Details of Elliptic Curve Group Operations30
A.1.1. Group Law for Weierstrass Curves30
A.1.2. Group Law for Montgomery Curves30
A.1.3. Group Law for Twisted Edwards Curves30
A.2.1. Group Law for Weierstrass Curves31
Appendix B. Relationships Between Curve Models32
B.1. Mapping Between Twisted Edwards Curves and Montgomery Curves32
B.2. Mapping Between Montgomery Curves and Weierstrass Curves33
B.3. Mapping Between Twisted Edwards Curves and Weierstrass Curves33
B.4. 4-Isogenous Mapping34
Appendix C. Generation Details for Recommended Elliptic Curves35
C.1.1. Implementation Security Criteria35
C.2.1. Weierstrass Curves Over Prime Fields35
C.2.2. Montgomery Curves36
C.2.3. Twisted Edwards Curves37
C.2.4. Weierstrass Curves over Binary Fields37
C.3.1. Generation of Pseudorandom Curves (Prime Case)38
C.3.2. Verification of Curve Generation (Prime Case)39
C.3.3. Generation of Pseudorandom Curves (Binary Case)40
C.3.4. Verification of Curve Generation (Binary Case)41
Appendix D. Elliptic Curve Routines42
D.1.1. Non-binary Curves in Short-Weierstrass Form42
D.1.2. Montgomery Curves42
D.1.3. Twisted Edwards Curves43
D.1.4. Binary Curves in Short-Weierstrass Form44
D.2.1. Prime Curves in Short-Weierstrass Form45
D.2.2. Binary Curves in Short-Weierstrass Form46
Appendix E. Auxiliary Functions48
Appendix F. Data Conversion50
F.1. Conversion of a Field Element to an Integer50
F.2. Conversion of an Integer to a Field Element50
F.3. Conversion of an Integer to a Bit String50
F.4. Conversion of a Bit String to an Integer51
Appendix G. Implementation Aspects52
G.1.1. Curve P-22452
G.1.2. Curve P-25652
G.1.3. Curve P-38453
G.1.4. Curve P-52154
G.1.5. Curve2551954
G.1.6. Curve44854
G.3.1. Normal Bases57
G.3.2. Polynomial Basis to Normal Basis Conversion59
G.3.3. Normal Basis to Polynomial Basis Conversion59
Appendix H. Other Allowed Elliptic Curves61
Appendix I. List of Symbols, Abbreviations, and Acronyms62
Appendix J. Glossary64
List of Tables
Table 1. Approximate Security Strength of the Recommended Curves6
Table 2. Allowed Usage of the Specified Curves7

1. Introduction
2. Overview of Elliptic Curves
\mathrm{GF}(p)上の楕円曲線E
3. Recommended Curves for U.S. Federal Government Use

単語など
eliptic curve楕円曲線
prime filed素体
binary fieldバイナリ体、2進数体?、標数2上の体?
cardinality

確認用
Q. SP 800-186

関連
RFC 7748 - Elliptic Curves for Security
RFC 5639 - Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation
SP 800-56A Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
FIPS 186-5 Digital Signature Standard (DSS)

標数

#楕円曲線暗号(ECC) #NIST #離散対数問題(DLP) #SP
#文献