I propose a method to compress NIST curves as defined in https://tools.ietf.org/id/draft-jivsov-ecc-compact-05.html
Its main benefit is that the compressed point fits into field size / group order size. There is no additional byte needed. This encoding is enabled by by modifying key generation. If key generation code can be changed, the adjustment is one bignum subtraction. If key generation is a black box, e.g. as if it is done by an HSM, we generate another key pair until conditions are met. On average, adjustment is needed every second key generation. No adjustment is needed for ECDH. The method is solely based on published books and research papers from the past century. I hope this helps. On Fri, Jul 30, 2021 at 9:48 AM Carl Mehner <c...@cem.me> wrote: > As requested during ekr's presentation > <https://youtu.be/SfuvB41YhyU?t=980>, I will volunteer to write up a > draft for defining new "supported groups" for compressed NIST curves. I > didn't see/hear any objections during the tls-wg meeting, but thought > I should probably confirm on the list before I got too far along in writing > it... > > -carl > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls