Performing Elliptic Curve Operations

version number; in Crypto-C, the only version available is 0.

The second argument specifies that you want your base field to be of the form Fp (p is an odd prime).

The third argument sets the length of a field element in bits; in this example, set it to be 160. For the prime field case, the size of a field element can be anywhere from 64 to 384 bits. The length of a field element, along with minOrderBits, strongly affects the security of the system; the greater the length, the greater the security. However, the greater the length, the longer it takes to generate key pairs and encrypt and decrypt. Currently, RSA Security recommends a size of 160 to 170 bits for minOrderBits for prototyping and evaluation; because minOrderBits defaults to 7 bits smaller than fieldElementBits, fieldElementBits should be set to 167–177 bits.

For the legal values for fieldElementBits in the even characteristic case, see the entry for AI_ECParamGen in Chapter 2 of the Reference Manual.

Note: Generating an elliptic curve for even characteristic without table lookup (fieldtype = FT_F2_ONB or FT_F2_POLYNOMIAL and tableLookup = 0) can be extremely time-consuming, taking several hours in some cases. In general, larger values for minOrderBits means longer times for curve generation. Therefore, if you wish to generate curves for even characteristic, but do not want to use table lookup, you can speed curve generation by setting a smaller value for minOrderBits. Remember, however, that the size of minOrderBits is directly tied to the security of your elliptic curve cryptosystem. Setting minOrderBits allows you to make a trade-off between the time it takes to generate curves and the security of your system.

For the fourth argument, you should always specify CI_NO_COMPRESS. Regardless of the value placed here, Crypto-C will represent the base and public key points as non- compressed. If elliptic curve point compression ever becomes of such practical value that it is implemented in a future release of Crypto-C, using CI_NO_COMPRESS will protect your application from unforeseen behavior when you rebuild your application.

For the fifth and six arguments, pass 0; this tells Crypto-C to use its internal algorithms to generate its own values:

2 6 2

R S A B S A F E C r y p t o - C D e v e l o p e r ’s G u i d e

Page 283 Page 285
Page 284
Image 284
RSA Security 5.2.2 manual Performing Elliptic Curve Operations
Page 283 Page 285
Top Page Image Contents