Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [elliptic-curves]

Elliptic curves are algebraic-geometric structures with applications in cryptography. Such a curve consists of the set of solutions to a cubic equation over a finite field equipped with a group operation. Questions relating to elliptic curves and derived algorithms should use this tag and might also consider more specific tags such as discrete-logarithm and ecdsa.

2345 questions
182
votes
4 answers

Why is elliptic curve cryptography not widely used, compared to RSA?

I recently ran across elliptic curve crypto-systems: An Introduction to the Theory of Elliptic Curves (Brown University) Elliptic Curve Cryptography (Wikipedia) Performance analysis of identity management in the Session Initiation Protocol (SIP)…
Vineet Menon
  • 2,025
  • 3
  • 14
  • 10
164
votes
4 answers

Should we trust the NIST-recommended ECC parameters?

Recent articles in the media, based upon Snowden documents, have suggested that the NSA has actively tried to enable surveillance by embedding weaknesses in commercially-deployed technology -- including at least one NIST standard. The NIST FIPS…
D.W.
  • 36,982
  • 13
  • 107
  • 196
70
votes
3 answers

Why Curve25519 for encryption but Ed25519 for signatures?

NaCl and libsodium libraries use Curve25519 for authenticated encryption (actually for sharing a key which is used for encryption) and Ed25519 for signatures. What is the purpose of using different primitives for these operations? Why just not to…
user10651
60
votes
4 answers

Is secp256r1 more secure than secp256k1?

Curves secp256r1 and secp256k1 are both examples of two elliptic curves used in various asymmetric cryptography. Googling for these shows most of the top results are Bitcoin related. I've heard the claim that… Satoshi picked non-standard crypto…
ripper234
  • 1,077
  • 1
  • 10
  • 13
57
votes
2 answers

ECDSA vs ECIES vs ECDH

Recently I started studying Elliptic Curve Cryptography and I just loved it. I want to transfer some big data (like 3KB), What is the best method, ECDSA, ECIES, or ECDH (and why)? I am confused, how should I choose between ECDSA, ECIES and ECDH?
user3160055
  • 673
  • 1
  • 6
  • 4
53
votes
6 answers

Who uses Dual_EC_DRBG?

Recent news articles have suggested that the NSA may be involved in trying to influence the cryptography in public standards or commercially deployed software, to enable the NSA to decrypt the encrypted traffic. For example, see this article in the…
D.W.
  • 36,982
  • 13
  • 107
  • 196
48
votes
3 answers

How does recovering the public key from an ECDSA signature work?

It is possible to recover the public key from an ECDSA signature values $(r,s)$? Please explain how this works.
Jan Moritz
  • 714
  • 1
  • 6
  • 20
43
votes
4 answers

Basic explanation of Elliptic Curve Cryptography?

I have been studying Elliptic Curve Cryptography as part of a course based on the book Cryptography and Network Security. The text for provides an excellent theoretical definition of the algorithm but I'm having a hard time understanding all of the…
user5507
  • 1,933
  • 5
  • 21
  • 29
40
votes
1 answer

Why do the elliptic curves recommended by NIST use 521 bits rather than 512?

Wikipedia says in reference to the elliptic curves officially recommended by NIST in FIPS 186-3: Five prime fields for certain primes p of sizes 192, 224, 256, 384, and 521 bits. For each of the prime fields, one elliptic curve is recommended. The…
Zack Elan
  • 503
  • 1
  • 4
  • 5
40
votes
1 answer

ECDSA, EdDSA and ed25519 relationship / compatibility

I'm trying to understand the relationship between those three signature schemes (ECDSA, EdDSA, and ed25519) and mainly to what degree they are mutually compatible in the sense of key-pair derivation, signing, and signature verification. But I was…
Rafael Korbas
  • 503
  • 1
  • 4
  • 6
39
votes
1 answer

Explaining weakness of Dual EC DRBG to wider audience?

I have an audience of senior (non-technical) executives and senior technical people who are taking the backdoor in Dual_EC_DRBG and considering it as a weakness of Elliptic curves in general. I can take a max of about 10 mins in my presentation to…
DeepSpace101
  • 1,717
  • 3
  • 17
  • 24
37
votes
4 answers

Can ECDSA signatures be safely made "deterministic"?

Using the terminology of the ECDSA Wikipedia page, ECDSA (and DSA) signatures require a random k value for each signature which ensures that the signature is different each time even if the message and key are the same. For some applications, a…
ByteCoin
  • 747
  • 1
  • 6
  • 7
35
votes
4 answers

What is so special about elliptic curves?

There seems to be sources like this, this also, and some introductions that discuss elliptic curves in general and how they're used. But what I'd like to know is why these particular curves are so important in cryptography as opposed to, let's say,…
stackuser
  • 583
  • 4
  • 7
34
votes
2 answers

What does "birational equivalence" mean in a cryptographic context?

In a recent question on using the same curve for signing and ECDH it was noted for the Ed25519 curve and Curve25519: Nitpick: the curves are birationally equivalent, not isomorphic. Now this term shows up quite often in cryptography, especially…
SEJPM
  • 46,697
  • 9
  • 103
  • 214
34
votes
3 answers

Why would anyone use an elliptic curve with a cofactor > 1?

In cryptography, an elliptic curve is a group based on a finite field $GF(p^k)$; this group has $n$ elements on it, and we work on a prime-sized subgroup of size $q$. We denote the value $h = n/q$ as the cofactor of the curve. My question is: why…
poncho
  • 154,064
  • 12
  • 239
  • 382
1
2 3
99 100