Curve448: Difference between revisions

Content deleted Content added

Inline

Revision as of 15:06, 2 December 2023

In cryptography, Curve448 oder Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security and designed for use with the elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. Developed by Mike Hamburg of Rambus Cryptography Research, Curve448 allows fast performance compared with other proposed curves with comparable security.^[1] The reference implementation is available under an MIT license.^[2] The curve was favored by the Internet Research Task Force Crypto Forum Research Group (IRTF CFRG) for inclusion in Transport Layer Security (TLS) standards along with Curve25519. In 2017, NIST announced that Curve25519 and Curve448 would be added to "Special Publication 800-186", which specifies approved elliptic curves for use by the US Federal Government,^[3] and in 2023 it was approved for use in FIPS 186-5.^[4] Both are described in RFC 7748. The name X448 is used for the DH function.

Mathematical properties

Hamburg chose the Solinas trinomial prime base p = 2⁴⁴⁸ − 2²²⁴ − 1, calling it a "Goldilocks" prime "because its form defines the golden ratio φ ≡ 2²²⁴". The main advantage of a golden-ratio prime is fast Karatsuba multiplication.^[5]

The curve Hamburg used is an untwisted Edwards curve E_d: $y 2 + x 2 = 1 - 39081 x 2 y 2$ . The constant d = −39081 was chosen as the smallest absolute value that had the required mathematical properties, thus a nothing-up-my-sleeve number.

Curve448 is constructed such that it avoids many potential implementation pitfalls.^[6]

References

^ Hamburg, Mike (2015). "Ed448-Goldilocks, a new elliptic curve". Cryptology ePrint Archive.
^ http://ed448goldilocks.sourceforge.net/
^ "Transition Plans for Key Establishment Schemes". 31 October 2017.
^ Moody, Dustin (2023-02-03). FIPS 186-5: Digital Signature Standard (DSS) (Report). NIST. doi:10.6028/NIST.FIPS.186-5. S2CID 256480883. Retrieved 2023-03-04.
^ Sasdrich, Pascal; Géneysu, Tim (2017). Cryptography for next generation TLS: Implementing the RFC 7748 elliptic Curve448 cryptosystem in hardware. 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC). doi:10.1145/3061639.3062222.
^ "SafeCurves: Introduction". safecurves.cr.yp.to. Retrieved 2018-02-23.

[hamburg448-1] Hamburg, Mike (2015). "Ed448-Goldilocks, a new elliptic curve". Cryptology ePrint Archive.

[2] ttp://ed448goldilocks.sourceforge.net/

[3] "Transition Plans for Key Establishment Schemes". 31 October 2017.

[FIPS_186-5-4] Moody, Dustin (2023-02-03). FIPS 186-5: Digital Signature Standard (DSS) (Report). NIST. doi:10.6028/NIST.FIPS.186-5. S2CID 256480883. Retrieved 2023-03-04.

[5] Sasdrich, Pascal; Géneysu, Tim (2017). Cryptography for next generation TLS: Implementing the RFC 7748 elliptic Curve448 cryptosystem in hardware. 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC). doi:10.1145/3061639.3062222.

[6] "SafeCurves: Introduction". safecurves.cr.yp.to. Retrieved 2018-02-23.

[1]

[2]

[3]

[4]

[5]

[6]

@@ Line 1: / Line 1: @@
 {{short description|Elliptic curve used in Internet cryptography}}
 {{Cleanup bare URLs|date=September 2022}}
-In [[cryptography]], '''Curve448''' or '''Curve448-Goldilocks'''  is an [[elliptic curve cryptography|elliptic curve]] potentially offering 224 bits of security and designed for use with the [[elliptic-curve Diffie–Hellman]] (ECDH) key agreement scheme. Developed by Mike Hamburg of [[Rambus]] Cryptography Research, Curve448 allows fast performance compared with other proposed curves with comparable security.<ref name=hamburg448>{{cite journal |url=https://eprint.iacr.org/2015/625 |title=Ed448-Goldilocks, a new elliptic curve |first=Mike |last=Hamburg |journal=Cryptology ePrint Archive |year=2015 }}</ref> The [[reference implementation]] is available under an [[MIT license]].<ref>http://ed448goldilocks.sourceforge.net/</ref> The curve was favored by the [[Internet Research Task Force]] Crypto Forum Research Group (IRTF CFRG) for inclusion in [[Transport Layer Security]] (TLS) standards along with [[Curve25519]]. In 2017, NIST announced that Curve25519 and Curve448 would be added to "Special Publication 800-186", which specifies approved [[elliptic curves]] for use by the [[US Federal Government]],<ref>{{cite web|url=https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes|title=Transition Plans for Key Establishment Schemes|date=31 October 2017}}</ref> and in 2023 it was approved for use in FIPS 186-5.<ref name="FIPS 186-5">{{cite journal |title=FIPS 186-5: Digital Signature Standard (DSS) |date=2023-02-03 |publisher=[[NIST]] |doi=10.6028/NIST.FIPS.186-5 | first = Dustin | last = Moody|url=https://csrc.nist.gov/publications/detail/fips/186/5/final |access-date=2023-03-04 |s2cid=256480883 }}</ref> Both are described in {{IETF RFC|7748}}. The name '''X448''' is used for the DH function.
+In [[cryptography]], '''Curve448''' or '''Curve448-Goldilocks''' is an [[elliptic curve cryptography|elliptic curve]] potentially offering 224 bits of security and designed for use with the [[elliptic-curve Diffie–Hellman]] (ECDH) key agreement scheme. Developed by Mike Hamburg of [[Rambus]] Cryptography Research, Curve448 allows fast performance compared with other proposed curves with comparable security.<ref name=hamburg448>{{cite journal |url=https://eprint.iacr.org/2015/625 |title=Ed448-Goldilocks, a new elliptic curve |first=Mike |last=Hamburg |journal=Cryptology ePrint Archive |year=2015 }}</ref> The [[reference implementation]] is available under an [[MIT license]].<ref>http://ed448goldilocks.sourceforge.net/</ref> The curve was favored by the [[Internet Research Task Force]] Crypto Forum Research Group (IRTF CFRG) for inclusion in [[Transport Layer Security]] (TLS) standards along with [[Curve25519]]. In 2017, NIST announced that Curve25519 and Curve448 would be added to "Special Publication 800-186", which specifies approved [[elliptic curves]] for use by the [[US Federal Government]],<ref>{{cite web|url=https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes|title=Transition Plans for Key Establishment Schemes|date=31 October 2017}}</ref> and in 2023 it was approved for use in FIPS 186-5.<ref name="FIPS 186-5">{{cite report |title=FIPS 186-5: Digital Signature Standard (DSS) |date=2023-02-03 |publisher=[[NIST]] |doi=10.6028/NIST.FIPS.186-5 | first = Dustin | last = Moody|url=https://csrc.nist.gov/publications/detail/fips/186/5/final |access-date=2023-03-04 |s2cid=256480883 }}</ref> Both are described in {{IETF RFC|7748}}. The name '''X448''' is used for the DH function.
 == Mathematical properties ==
@@ Line 12: / Line 12: @@
 == See also ==
-* [[Curve25519]]
 * [[Poly1305]]