github/std-curves
1
1
Fork 0
mirror of https://github.com/J08nY/std-curves.git synced 2026-01-10 05:48:08 -05:00
Code Issues 2 Packages Projects Releases Wiki Activity

Merge pull request #1 from J08nY/feature/generation-methods

Browse Source 
Add SECG, NIST, ANSI generation methods.
This commit is contained in:
Ján Jančár
2020-10-02 23:46:55 +02:00
committed by GitHub
parent 3fdc84205f 61dd37015c
commit 9837dfac2f
14 changed files with 447 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
gatsby-browser.js
View File

@@ -1,4 +1,7 @@
import "typeface-roboto"
import "typeface-ibm-plex-mono"
import "typeface-noto-sans"
import "katex/dist/katex.min.css"
import "katex/dist/katex.min.css"
import "pseudocode/build/pseudocode.min.css"
import "./src/styles/misc.css"

13
gatsby-node.js
View File

@@ -149,11 +149,22 @@ exports.createPages = async ({ graphql, actions }) => {
});
}
exports.onCreateWebpackConfig = ({ actions, stage }) => {
exports.onCreateWebpackConfig = ({ stage, loaders, actions }) => {
if (stage === 'build-javascript') {
// turn off source-maps
actions.setWebpackConfig({
devtool: false
})
} else if (stage === "build-html") {
actions.setWebpackConfig({
module: {
rules: [
{
test: /pseudocode/,
use: loaders.null(),
},
],
},
})
}
}

3
package.json
View File

@@ -27,6 +27,7 @@
"@mdx-js/react": "^1.6.16",
"@mdx-js/runtime": "^1.6.16",
"@theme-ui/color": "^0.2.53",
"@theme-ui/components": "^0.3.1",
"@theme-ui/prism": "^0.2.50",
"acorn": "^6.4.1",
"d3": "^5.16.0",
@@ -43,6 +44,7 @@
"gatsby-transformer-xml": "^2.3.10",
"gatsby-transformer-yaml": "^2.4.10",
"prismjs": "^1.21.0",
"pseudocode": "^2.2.0",
"react": "^16.13.1",
"react-async-component": "^2.0.0",
"react-d3-graph": "^2.5.0",
@@ -60,6 +62,7 @@
"typescript": "^3.9.7"
},
"devDependencies": {
"gh-pages": "^3.1.0",
"prettier": "^1.19.1"
},
"repository": {

22
src/components/Pseudocode.js Normal file
View File

@@ -0,0 +1,22 @@
/** @jsx jsx */
import {jsx} from "theme-ui";
import {render as renderCode} from "pseudocode"
let cache = {}
function Pseudocode({code, options}) {
if (typeof window === `undefined`) {
return <div/>;
}
let key = JSON.stringify({"code": code, "options": options});
let rendered = null;
if (key in cache) {
rendered = cache[key];
} else {
rendered = renderCode(code, null, options);
cache[key] = rendered;
}
return <div ref={ref => {if (ref) ref.appendChild(rendered); return ref}}></div>;
}
export default Pseudocode

3
src/pages/index.js
View File

@@ -63,7 +63,8 @@ export default ({data, location}) => {
<Styled.p>
The curve listing includes its parameters, computed characteristics such as number of points or j-invariant as
well as SAGE code which can be used to instantiate the curve and a JSON export of all of the curve data.
New curves are currently being added, the database is definitely not complete.
New curves are currently being added, the database is definitely not complete. This site also
contains <Link to={"/methods"}>documentation</Link> of the several methods of generating elliptic curves which are in the database.
</Styled.p>
<Styled.p>
The presence of a certain curve in this database does not mean that the curve is secure, only that it is notable

24
src/pages/methods/bls.js
View File

@@ -1,6 +1,5 @@
import React from 'react'
import Entry from '../../components/entry'
import Equation from '../../components/Equation'
import Link from '../../components/Link'
import CodeBlock from '../../components/CodeBlock'
import { Styled } from "theme-ui";
@@ -62,33 +61,34 @@ class BLS24(BLS):
Given an integer <InlineMath>{`z \\in \\mathbb{N}`}</InlineMath> the BLS curve with embedding degree <InlineMath>12</InlineMath> can
be constructed over a prime field <InlineMath>{`\\mathbb{F}_p`}</InlineMath> with the number of points <InlineMath>r</InlineMath> and
a trace of Frobenius <InlineMath>t</InlineMath>.
<BlockMath>
{`\\begin{aligned}
</Styled.p>
<BlockMath>
{`\\begin{aligned}
p(z) &= (z - 1)^2 (z^4 - z^2 + 1)/3 + z\\\\
r(z) &= z^4 - z^2 + 1\\\\
t(z) &= z + 1
\\end{aligned}`}
</BlockMath>
</Styled.p>
</BlockMath>
<Styled.h3>BLS24</Styled.h3>
<Styled.p>
Given an integer <InlineMath>{`z \\in \\mathbb{N}`}</InlineMath> the BLS curve with embedding degree <InlineMath>24</InlineMath> can
be constructed over a prime field <InlineMath>{`\\mathbb{F}_p`}</InlineMath> with the number of points <InlineMath>r</InlineMath> and
a trace of Frobenius <InlineMath>t</InlineMath>.
<BlockMath>
{`\\begin{aligned}
</Styled.p>
<BlockMath>
{`\\begin{aligned}
p(z) &= (z - 1)^2 (z^8 - z^4 + 1)/3 + z\\\\
r(z) &= z^8 - z^4 + 1\\\\
t(z) &= z + 1
\\end{aligned}`}
</BlockMath>
</Styled.p>
</BlockMath>
<Styled.p>
The class of curves has the Short-Weierstrass form:
<Equation>
</Styled.p>
<BlockMath>
y^2 \equiv x^3 + b
</Equation>
</BlockMath>
<Styled.p>
where given <InlineMath>z</InlineMath> such that <InlineMath>p(z)</InlineMath> is prime, a curve with
a prime order subgroup of <InlineMath>r(z)</InlineMath> points can be found either via complex multiplication
or by exhaustively trying small coefficients <InlineMath>b</InlineMath> until a curve is found.

7
src/pages/methods/bn.js
View File

@@ -1,6 +1,5 @@
import React from 'react'
import Entry from '../../components/entry'
import Equation from '../../components/Equation'
import Link from '../../components/Link'
import { BlockMath, InlineMath } from 'react-katex'
import CodeBlock from "../../components/CodeBlock"
@@ -56,9 +55,11 @@ export default ({data, location}) => {
</Styled.p>
<Styled.p>
The class of curves has the Short-Weierstrass form:
<Equation>
</Styled.p>
<BlockMath>
y^2 \equiv x^3 + b
</Equation>
</BlockMath>
<Styled.p>
where given <InlineMath>z</InlineMath> such that <InlineMath>p(z)</InlineMath> is prime, a curve with
a prime order subgroup of <InlineMath>r(z)</InlineMath> points can be found either via complex multiplication
or by exhaustively trying small coefficients <InlineMath>b</InlineMath> until a curve is found.

146
src/pages/methods/brainpool.js
View File

@@ -1,14 +1,154 @@
import React from 'react'
import Entry from '../../components/entry'
import { Styled } from "theme-ui"
import Link from "../../components/Link";
import Pseudocode from "../../components/Pseudocode";
import { InlineMath } from "react-katex";
export default ({data, location}) => {
let rfcCodeCommon = `
\\begin{algorithm}
\\caption{RFC5639 UpdateSeed}
\\begin{algorithmic}
\\PROCEDURE{UpdateSeed}{$s$}
\\STATE Convert $s$ to an integer $z$
\\STATE Convert $(z+1) \\mod 2^{160}$ to a bit string $t$
\\RETURN $t$
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}
`;
let rfcCodePrimes = `
\\begin{algorithm}
\\caption{RFC5639 Verifiably Random Primes}
\\begin{algorithmic}
\\INPUT bit size $L$ of the required prime
\\INPUT 160 bit-string seed $s$
\\PROCEDURE{GeneratePrime}{$s$}
\\STATE Let $c = $ \\CALL{FindInteger}{$s$}
\\STATE Let $p$ be the smallest prime $p \\ge c$ with $p \\equiv 3 \\mod 4$
\\IF{$2^{L-1} \\le p \\le 2^L - 1$}
\\RETURN $p$
\\ENDIF
\\STATE Let $s = UpdateSeed(s)$ and go to Step 2
\\ENDPROCEDURE
\\PROCEDURE{FindInteger}{$s$}
\\STATE Let $v = \\lfloor (L-1) / 160 \\rfloor$ and $w = L - 160v$
\\STATE Compute $h = \\text{SHA-1}(s)$
\\STATE Let $h_0$ be the bit string obtained by taking the $w$ rightmost bits of $h$
\\STATE Convert $s$ to an integer $z$
\\FOR{$i = 1$ \\textbf{to} $v$}
\\STATE Let $z_i = (z + i) \\mod 2^{160}$
\\STATE Convert $z_i$ to bit-string $s_i$
\\STATE Let $h_i = \\text{SHA-1}(s_i)$
\\ENDFOR
\\STATE Let $h$ be the string obtained by the concatenation of $h_0 , \\ldots , h_v$ from left to right
\\STATE Convert $h$ to an integer $x$
\\RETURN $x$
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}
`;
let rfcCodeCurves = `
\\begin{algorithm}
\\caption{RFC5639 Verifiably Random Curves $\\mathbb{F}_p$}
\\begin{algorithmic}
\\INPUT prime field size $p$ of bit-length $L$
\\INPUT 160 bit-string seed $s$
\\OUTPUT field elements $A, B \\in \\mathbb{F}_p$ which define an elliptic curve $\\mathcal{E}$
\\OUTPUT generator $G$ of the elliptic curve $\\mathcal{E}$
\\PROCEDURE{GenerateCurve}{$p, s$}
\\STATE Let $h = $ \\CALL{FindInteger2}{$s$}
\\STATE Convert $h$ to an integer $A$
\\IF{$-3 \\equiv A*Z^4 \\mod p$ is not solvable}
\\STATE Let $s = $ \\CALL{UpdateSeed}{$s$} and go to Step 2
\\ENDIF
\\STATE Compute one solution $Z$ of $-3 \\equiv A*Z^4 \\mod p$
\\STATE Let $s = $ \\CALL{UpdateSeed}{$s$}
\\STATE Let $B = $ \\CALL{FindInteger2}{$s$}
\\IF{$B$ is a square $\\mod p$}
\\STATE Let $s = $ \\CALL{UpdateSeed}{$s$} and go to Step 8
\\ENDIF
\\IF{$4*A^3 + 27*B^2 \\equiv 0 \\mod p$}
\\STATE Let $s = $ \\CALL{UpdateSeed}{s} and go to Step 2
\\ENDIF
\\STATE Check that the elliptic curve $\\mathcal{E}$ over $\\mathbb{F}_p$ given by $y^2 = x^3 + A x + B$ fulfills all security and functional requirements
\\STATE Let $s = $ \\CALL{UpdateSeed}{$s$}
\\STATE Let $k = $ \\CALL{FindInteger2}{$s$}
\\STATE Determine the points $Q$ and $-Q$ having the smallest x-coordinate on $\\mathcal{E}(\\mathbb{F}_p)$. Randomly select one of them as point $P$
\\STATE Compute the base point $G = [k]P$.
\\RETURN ($A, B, G$)
\\ENDPROCEDURE
\\PROCEDURE{FindInteger2}{$s$}
\\STATE Let $v = \\lfloor (L-1) / 160 \\rfloor$ and $w = L - 160v - 1$
\\STATE Compute $h = \\text{SHA-1}(s)$
\\STATE Let $h_0$ be the bit string obtained by taking the $w$ rightmost bits of $h$
\\STATE Convert $s$ to an integer $z$
\\FOR{$i = 1$ \\textbf{to} $v$}
\\STATE Let $z_i = (z + i) \\mod 2^{160}$
\\STATE Convert $z_i$ to bit-string $s_i$
\\STATE Let $h_i = \\text{SHA-1}(s_i)$
\\ENDFOR
\\STATE Let $h$ be the string obtained by the concatenation of $h_0 , \\ldots , h_v$ from left to right
\\STATE Convert $h$ to an integer $x$
\\RETURN $x$
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}`;
return (
<Entry data={data} location={location} title={"Brainpool"}>
<Styled.p>
<Styled.h2>Brainpool</Styled.h2>
<Styled.h3>Technical requirements</Styled.h3>
<ul>
<li>For each of the bit-lengths <InlineMath>160, 192, 224, 256, 320, 384, 512</InlineMath> one curve shall be proposed.</li>
<li>The base field size <InlineMath>p</InlineMath> should be congruent to <InlineMath>{`3 \\mod 4`}</InlineMath>.</li>
<li>The curve should be <InlineMath>{`\\mathbb{F}_p`}</InlineMath>-isomorphic to a curve with <InlineMath>{`A \\equiv -3 \\mod p`}</InlineMath>.</li>
<li>The prime <InlineMath>p</InlineMath> must not be of a special form in order to avoid patented fast arithmetic on the base field.</li>
<li>The order of the curve <InlineMath>{`\\lvert \\mathcal{E}(\\mathbb{F}_p) \\rvert`}</InlineMath> should be smaller than the size of the base field <InlineMath>p</InlineMath>.</li>
<li>The curve coefficient <InlineMath>B</InlineMath> should be non-square in <InlineMath>{`\\mathbb{F}_p`}</InlineMath>.</li>
</ul>
<Styled.h3>Security requirements</Styled.h3>
<ul>
<li>The embedding degree <InlineMath>{`l = \\min\\{t \\vert q \\text{divides} p^t - 1 \\}`}</InlineMath> should be large, where <InlineMath>q</InlineMath> is the order
of the basepoint and <InlineMath>p</InlineMath> the size of the base field. Specifically, <InlineMath>{`(q - 1) / l < 100`}</InlineMath>.</li>
<li>The curves are not trace one curves. Specifically <InlineMath>{`\\lvert \\mathcal{E}(\\mathbb{F}_p) \\rvert \\ne p`}</InlineMath>.</li>
<li>The class number of the maximal order of the endomorphism ring of the curve is larger than <InlineMath>10000000</InlineMath>.</li>
<li>The group order <InlineMath>{`\\lvert \\mathcal{E}(\\mathbb{F}_p) \\rvert`}</InlineMath> should be a prime number <InlineMath>q</InlineMath>.</li>
</ul>
<Styled.h3>Original method</Styled.h3>
Brainpool published their method of generating verifiably random curves in the <b>ECC Brainpool Standard Curves and Curve Generation</b> <Link to="#brainpool-std">[1]</Link> document,
along with generated domain parameters claimed to be generated using the presented method and seeds.
However, the presented <Link to={"/brainpool"}>curves</Link> were (with the exception of the 512-bit curves) <b>not</b> generated
using the presented method, as they have properties that can not result from the presented method of generating curves.
See the <b>BADA55 paper</b> <Link to="bada55-brainpool">[3]</Link> for more information.
<Styled.h3>RFC 5639 method</Styled.h3>
Brainpool published an RFC with their fixed method of generating verifiably random curves and generated curves in <b>RFC 5639</b> <Link to="#rfc-5639">[2]</Link>,
which matches the generated curves and seeds.
<pre>
<Pseudocode code={rfcCodeCommon} options={{lineNumber: true, noEnd: true, captionCount: 0}}/>
</pre>
<Styled.h4>Generating primes</Styled.h4>
<pre>
<Pseudocode code={rfcCodePrimes} options={{lineNumber: true, noEnd: true, captionCount: 1}}/>
</pre>
<Styled.h4>Generating curves</Styled.h4>
<pre>
<Pseudocode code={rfcCodeCurves} options={{lineNumber: true, noEnd: true, captionCount: 2}}/>
</pre>
<Styled.h4>References</Styled.h4>
<ol>
<li id="brainpool-std">Manfred Lochter: <Link to="http://www.ecc-brainpool.org/download/Domain-parameters.pdf">ECC Brainpool Standard Curves and Curve Generation v. 1.0</Link>, <Link to="https://web.archive.org/web/20170921224120/http://www.ecc-brainpool.org/download/Domain-parameters.pdf">[archive]</Link></li>
<li id="rfc-5639">Manfred Lochter, Johannes Merkle: <Link to="https://tools.ietf.org/html/rfc5639">Elliptic Curve Cryptography (ECC) Brainpool Standard
Curves and Curve Generation (RFC5639)</Link></li>
<li id="bada55-brainpool">BADA55 Research Team: <Link to="https://bada55.cr.yp.to/brainpool.html">BADA55 Crypto - Brainpool curves</Link></li>
</ol>
</Styled.p>
</Entry>
)
}

7
src/pages/methods/kss.js
View File

@@ -1,6 +1,5 @@
import React from 'react'
import Entry from '../../components/entry'
import Equation from '../../components/Equation'
import Link from '../../components/Link'
import { BlockMath, InlineMath } from 'react-katex'
import CodeBlock from "../../components/CodeBlock"
@@ -123,9 +122,11 @@ class KSS40(KSS):
</Styled.p>
<Styled.p>
The class of curves has the Short-Weierstrass form:
<Equation>
</Styled.p>
<BlockMath>
y^2 \equiv x^3 + b
</Equation>
</BlockMath>
<Styled.p>
where given <InlineMath>z</InlineMath> such that <InlineMath>p(z)</InlineMath> is prime, a curve with
a prime order subgroup of <InlineMath>r(z)</InlineMath> points can be found either via complex multiplication
or by exhaustively trying small coefficients <InlineMath>b</InlineMath> until a curve is found.

72
src/pages/methods/nist.js
View File

@@ -1,14 +1,82 @@
import React from 'react'
import Entry from '../../components/entry'
import { Styled } from "theme-ui"
import Link from "../../components/Link";
import {InlineMath} from "react-katex";
import Pseudocode from "../../components/Pseudocode";
export default ({data, location}) => {
let fpCode = `
\\begin{algorithm}
\\caption{NIST Verifiably Random Curves over $\\mathbb{F}_p$}
\\begin{algorithmic}
\\INPUT prime field size $p$ of bit-length $l$
\\OUTPUT bit-string seed $s$ and field elements $a, b \\in \\mathbb{F}_p$ which define an elliptic curve
\\PROCEDURE{GenerateCurve}{$p$}
\\STATE Let $v = \\lfloor \\ (l - 1) / 160 \\rfloor $; Let $w = l - 160v - 1 $
\\STATE Let $s$ be a random bit string of 160 bits
\\STATE Let $h = \\text{SHA-1}(s) $
\\STATE Let $h_0$ be the bit string of $w$ rightmost bits of $h$
\\STATE Let $z$ be the integer whose binary expansion is given by the 160-bit string $s$
\\FOR{$i = 1$ \\textbf{to} $v$}
\\STATE Let $s_i = (z + i) \\mod 2^{160}$
\\STATE Let $h_i = \\text{SHA-1}(s_i)$
\\ENDFOR
\\STATE Let $h = h_0 \\Vert h_1 \\Vert \\ldots \\Vert h_v$
\\STATE Let $c$ be the integer whose binary expansion is given by the bit string $h$
\\IF{$c = 0$ \\textbf{or} $ 4c + 27 \\equiv 0 \\mod p$}
\\STATE \\textbf{goto} $3$
\\ENDIF
\\STATE Choose integers $a, b \\in \\mathbb{F}_p$ such that $c b^2 \\equiv a^3 \\mod p$
\\STATE Check that the elliptic curve defined by $a, b$ has suitable order. If not \\textbf{goto} 3
\\RETURN ($s, a, b$)
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}`;
let f2mCode = `
\\begin{algorithm}
\\caption{NIST Verifiably Random Curves over $\\mathbb{F}_{2^m}$}
\\begin{algorithmic}
\\INPUT binary field size $2^m$
\\OUTPUT bit-string seed $s$ and field elements $a, b \\in \\mathbb{F}_{2^m}$ which define an elliptic curve
\\PROCEDURE{GenerateCurve}{$p$}
\\STATE Let $v = \\lfloor \\ (m - 1) / 160 \\rfloor $; Let $w = m - 160v $
\\STATE Let $s$ be a random bit string of 160 bits
\\STATE Let $h = \\text{SHA-1}(s) $
\\STATE Let $h_0$ be the bit string of $w$ rightmost bits of $h$
\\STATE Let $z$ be the integer whose binary expansion is given by the 160-bit string $s$
\\FOR{$i = 1$ \\textbf{to} $v$}
\\STATE Let $s_i = (z + i) \\mod 2^{160}$
\\STATE Let $h_i = \\text{SHA-1}(s_i)$
\\ENDFOR
\\STATE Let $h = h_0 \\Vert h_1 \\Vert \\ldots \\Vert h_v$
\\STATE Let $b$ be element of $\\mathbb{F}_{2^m}$ which binary expansion is given by the bit string $h$
\\STATE Choose an element $a \\in \\mathbb{F}_{2^m}$
\\STATE Check that the elliptic curve defined by $a, b$ has suitable order. If not \\textbf{goto} 3
\\RETURN ($s, a, b$)
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}`;
return (
<Entry data={data} location={location} title={"NIST"}>
<Styled.h2>NIST</Styled.h2>
<Styled.p>
The NIST <b>FIPS 186-4</b> <Link to="#fips-186-4">[1]</Link> standard defines recommended curves for use in ECDSA
and a verifiably random method for generating them in appendices <i>D.5</i> and <i>D.7</i>. The curves are presented
in the <Link to={"/nist"}>NIST</Link> category.
</Styled.p>
<Styled.h3>Generating <InlineMath>{`\\mathbb{F}_p`}</InlineMath> curves</Styled.h3>
<pre>
<Pseudocode code={fpCode} options={{lineNumber: true, noEnd: true, captionCount: 0}}/>
</pre>
<Styled.h3>Generating <InlineMath>{`\\mathbb{F}_{2^m}`}</InlineMath> curves</Styled.h3>
<pre>
<Pseudocode code={f2mCode} options={{lineNumber: true, noEnd: true, captionCount: 1}}/>
</pre>
<Styled.h4>References</Styled.h4>
<ol>
<li id="fips-186-4">National Institute of Standards and Technology: <Link to="https://csrc.nist.gov/publications/detail/fips/186/4/final">FIPS 186-4 - Digital Signature Standard (DSS)</Link></li>
</ol>
</Entry>
)
}

93
src/pages/methods/secg.js
View File

@@ -1,14 +1,103 @@
import React from 'react'
import Entry from '../../components/entry'
import Link from '../../components/Link'
import Pseudocode from '../../components/Pseudocode'
import { Styled } from "theme-ui"
export default ({data, location}) => {
let curveCode = `
\\begin{algorithm}
\\caption{SECG Verifiably Random Curves}
\\begin{algorithmic}
\\INPUT A "seed" octet string $S$ of length $g/8$ octets
\\INPUT field size $q$
\\INPUT hash function $Hash$ of output length $hashlen$ octets
\\INPUT field element $a \\in \\mathbb{F}_q$
\\OUTPUT field element $b \\in \\mathbb{F}_q$
\\PROCEDURE{GenerateCurve}{$S$, $g$, $q$, $Hash$, $hashlen$, $a$}
\\STATE Let $m = \\lceil \\log_2 q \\rceil$
\\STATE Let $t = 8hashlen$
\\STATE Let $s = \\lfloor (m - 1) / t \\rfloor$
\\STATE Let $k = m - st$ if $q$ is even, else $k = m - st - 1$
\\STATE Convert $S$ to an integer $s_0$.
\\FOR{$j$ \\textbf{from} $0$ \\textbf{to} $s$}
\\STATE Let $s_j = s_0 + j \\mod 2^g$
\\STATE Let $S_j$ be the integer $s_j$ converted to an octet string of length $g/8$ octets
\\STATE Let $H_j = Hash(S_j)$
\\STATE Convert $H_j$ to an integer $e_j$
\\ENDFOR
\\STATE Let $e = e_0 2^{ts} + e_1 2^{t(s-1)} + \\ldots + e_s \\mod 2^{k + st}$
\\STATE Convert $e$ to an octet string $E$ of length $mlen = \\lceil (\\log_2 q)/8 \\rceil$ octets
\\STATE Convert $E$ to a field element $r \\in \\mathbb{F}_q$
\\IF{$q$ is even}
\\IF{$r = 0$}
\\RETURN "failure"
\\ELSE
\\RETURN $b = r \\in \\mathbb{F}_q$
\\ENDIF
\\ELSE
\\IF{$a = 0$ \\textbf{or} $4r + 27 \\equiv 0$ \\textbf{or} $a^3/r$ does not have a square root}
\\RETURN "failure"
\\ENDIF
\\RETURN $b = \\sqrt{a^3/r}$
\\ENDIF
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}`;
let pointCode = `
\\begin{algorithm}
\\caption{SECG Verifiably Random Points}
\\begin{algorithmic}
\\INPUT A "seed" octet string $S$ of length $g/8$ octets
\\INPUT field size $q$
\\INPUT hash function $Hash$ of output length $hashlen$ octets
\\INPUT elliptic curve parameters $a, b \\in \\mathbb{F}_q$
\\INPUT elliptic curve cofactor $h$
\\OUTPUT elliptic curve point $G$
\\PROCEDURE{GeneratePoint}{$S$, $g$, $q$, $Hash$, $hashlen$, $a$, $b$, $h$}
\\STATE Let $A = 4261736520706F696E74_{16}$ which is the octet string of "Base point" in ASCII
\\STATE Let $B = 01_{16}$ an octet string of length 1
\\STATE Let $c = 1$
\\STATE Convert integer c to an octet string $C$ of length $1 + \\lfloor \\log_{256} (c) \\rfloor$
\\STATE Let $H = Hash(A \\Vert B \\Vert C \\Vert S)$
\\STATE Convert $H$ to an integer $e$
\\STATE Let $t = e \\mod 2q$
\\STATE Let $u = t \\mod q$ and $z = \\lfloor t / q \\rfloor$
\\STATE Convert integer $u$ to a field element $x \\in \\mathbb{F}_q$
\\STATE Recover a y-coordinate from the compressed point information $(x, z)$ as appropriate to the elliptic curve
\\IF{no valid $y$ exists}
\\STATE Increment $c$
\\STATE Goto step $4$
\\ENDIF
\\STATE Let $R = (x, y)$
\\RETURN $G = [h]R$
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}
`;
return (
<Entry data={data} location={location} title={"SECG"}>
<Styled.h2>SECG</Styled.h2>
<Styled.p>
The SECG method for generating verifiably random domain parameters is specified in the <b>SEC 1: Elliptic Curve Cryptography</b> <Link to="#secg-sec1">[1]</Link> standard,
specifically in sections <i>3.1.3.1</i> and <i>3.1.3.2</i>. These methods are compatible to those in the <b>ANSI X9.62</b> standard. The curves are presented
in the <Link to={"/secg"}>SECG</Link> category.
</Styled.p>
<Styled.h3>Generating curves</Styled.h3>
<pre>
<Pseudocode code={curveCode} options={{lineNumber: true, noEnd: true, captionCount: 0}}/>
</pre>
<Styled.h3>Generating base points</Styled.h3>
<pre>
<Pseudocode code={pointCode} options={{lineNumber: true, noEnd: true, captionCount: 1}}/>
</pre>
<Styled.h4>References</Styled.h4>
<ol>
<li id="secg-sec1">Standards for Efficient Cryptography Group: <Link to="https://www.secg.org/sec1-v2.pdf">SEC 1: Elliptic Curve Cryptography</Link></li>
</ol>
</Entry>
)
}

71
src/pages/methods/x962.js
View File

@@ -1,14 +1,81 @@
import React from 'react'
import Entry from '../../components/entry'
import Pseudocode from '../../components/Pseudocode'
import { Styled } from "theme-ui"
import { InlineMath } from "react-katex";
import Link from "../../components/Link";
export default ({data, location}) => {
let fpCode = `
\\begin{algorithm}
\\caption{ANSI X9.62 Verifiably Random Curves over $\\mathbb{F}_p$}
\\begin{algorithmic}
\\INPUT prime field size $p$
\\OUTPUT bit-string $SEED$ and field elements $a, b \\in \\mathbb{F}_p$ which define an elliptic curve
\\PROCEDURE{GenerateCurve}{$p$}
\\STATE Let $t = \\lfloor \\log_{2} p \\rfloor $; Let $s = \\lfloor (t - 1) / 160 \\rfloor $; Let $h = t - 160 s $
\\STATE Let $SEED$ be a random bit string of at least 160 bits
\\STATE Let $g = \\vert SEED \\vert $
\\STATE Let $H = \\text{SHA-1}(SEED) $
\\STATE Let $c_0$ be the bit string of $h$ rightmost bits of $H$
\\STATE Let $W_0$ be $c_0$ with leftmost bit set to $0$
\\FOR{$i = 1$ \\textbf{to} $s$}
\\STATE Let $W_i = \\text{SHA-1}((SEED + i) \\mod 2^g)$
\\ENDFOR
\\STATE Let $W = W_0 \\Vert W_1 \\Vert \\ldots \\Vert W_s$
\\STATE Let $r = \\sum_{i = 1}^{t} w_i 2^{t - i}$ \\COMMENT{with $w_i$ being the $i$-th bit of $W$ from the left}
\\STATE Let $(a, b)$ be elements of $ \\mathbb{F}_p $, so that $ r b^2 \\equiv a^3 \\mod p $
\\IF{$ 4a^3 + 27b^2 \\equiv 0 \\mod p$}
\\STATE \\textbf{goto} $3$
\\ENDIF
\\RETURN ($SEED, a, b$)
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}`;
let f2mCode = `
\\begin{algorithm}
\\caption{ANSI X9.62 Verifiably Random Curves over $\\mathbb{F}_{2^m}$}
\\begin{algorithmic}
\\INPUT field size $q = 2^m$
\\OUTPUT bit-string $SEED$ and field elements $a, b \\in \\mathbb{F}_{2^m}$ which define an elliptic curve
\\PROCEDURE{GenerateCurve}{$q = 2^m$}
\\STATE Let $t = m$; Let $s = \\lfloor (t - 1) / 160 \\rfloor $; Let $h = t - 160 s $
\\STATE Let $SEED$ be a random bit string of at least 160 bits
\\STATE Let $g = \\vert SEED \\vert $
\\STATE Let $H = \\text{SHA-1}(SEED) $
\\STATE Let $b_0$ be the bit string of $h$ rightmost bits of $H$
\\FOR{$i = 1$ \\textbf{to} $s$}
\\STATE Let $b_i = \\text{SHA-1}((SEED + i) \\mod 2^g)$
\\ENDFOR
\\STATE Let $b = b_0 \\Vert b_1 \\Vert \\ldots \\Vert b_s \\in \\mathbb{F}_{2^m}$
\\IF{$b = 0$}
\\STATE \\textbf{goto} $3$
\\ENDIF
\\STATE Let $a$ be random element from $ \\mathbb{F}_{2^m} $
\\RETURN ($SEED, a, b$)
\\ENDPROCEDURE
\\end{algorithmic}
\\end{algorithm}`;
return (
<Entry data={data} location={location} title={"X962"}>
<Styled.h2>ANSI X9.62</Styled.h2>
<Styled.p>
The <b>ANSI X9.62</b> <Link to="#ansi-x962">[1]</Link> standard published by the American National Standards Institute provides a way of
generating verifiably random elliptic curves in its appendices <i>A.3.3.1</i> and <i>A.3.3.2</i>. The curves are presented
in the <Link to={"/x962"}>ANSI X9.62</Link> category.
</Styled.p>
<Styled.h3>Generating <InlineMath>{`\\mathbb{F}_p`}</InlineMath> curves</Styled.h3>
<pre>
<Pseudocode code={fpCode} options={{lineNumber: true, noEnd: true, captionCount: 0}}/>
</pre>
<Styled.h3>Generating <InlineMath>{`\\mathbb{F}_{2^m}`}</InlineMath> curves</Styled.h3>
<pre>
<Pseudocode code={f2mCode} options={{lineNumber: true, noEnd: true, captionCount: 1}}/>
</pre>
<Styled.h4>References</Styled.h4>
<ol>
<li id="ansi-x962">Accredited Standards Committee X9 : <Link to="https://webstore.ansi.org/standards/ascx9/ansix9621998">Public Key Cryptography For The Financial Services Industry : The Elliptic Curve Digital Signature Algorithm (ECDSA)</Link></li>
</ol>
</Entry>
)
}

10
src/styles/misc.css Normal file
View File

@@ -0,0 +1,10 @@
.ps-algorithmic, .ps-algorithmic .ps-line, .ps-algorithm, .ps-root {
line-height: 0
}
.ps-algorithm > .ps-line:nth-child(1) {
margin-top: -0.9em;
}
.ps-algorithmic .ps-block {
line-height: 0.4
}

3
src/templates/curve.js
View File

@@ -9,8 +9,7 @@ import ReactMarkdown from "react-markdown"
import { clean_dict, is_nullundef } from '../utils'
import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'
import { faDownload, faCopy, faSquare } from '@fortawesome/free-solid-svg-icons'
import { jsx } from 'theme-ui'
import { Styled } from 'theme-ui'
import { jsx, Styled } from 'theme-ui'
import { alpha } from '@theme-ui/color'
import dracula from '@theme-ui/prism/presets/dracula.json'
import Tooltip from '@material-ui/core/Tooltip';