elliptic-curves

  1. elliptic-curves
    1. Author
    2. Requirements
    3. Description
    4. API
      1. Module elliptic-curve-parameters
      2. Module elliptic-curve-arithmetic
      3. Module elliptic-curve-cryptography
    5. License
    6. Version history

Author

Thomas Chust

Requirements

Description

This library allows you to perform basic arithmetic and cryptographic primitives on elliptic curve groups over finite fields with arbitrarily large integer moduli.

Points on elliptic curves are represented by complex numbers; the infinitely remote point (the point at infinity) is represented by the number zero.

API

Module elliptic-curve-parameters

This module defines an elliptic curve parameter record as follows:

 (defstruct ec-parameters
   ;; Prime modulus of the curve's underlying field
   p
   ;; Parameter a of the Weierstrass equation
   a
   ;; Parameter b of the Weierstrass equation
   b
   ;; Base point of the curve
   [G #f]
   ;; Order of the base point
   [n #f]
   ;; Cofactor of the base point
   [h #f]
   ;; Optional name of the parameter set
   [name #f])

[syntax] (define-ec-parameters id p a b x y n h)

A shorthand for

 (define id
   (make-ec-parameters
    p: (string->number p 16)
    a: (string->number a 16)
    b: (string->number b 16)
    G: (make-rectangular
        (string->number x 16)
        (string->number y 16))
    n: (string->number n 16)
    h: (string->number h 16)
    name: 'id))

[constant] brainpool-P160r1
[constant] brainpool-P192r1
[constant] brainpool-P224r1
[constant] brainpool-P256r1
[constant] brainpool-P320r1
[constant] brainpool-P384r1
[constant] brainpool-P512r1

Constants for standardized elliptic curves suitable for cryptographic use. Refer to the ECC Brainpool site for more information.

Module elliptic-curve-arithmetic

[procedure] ((ec+ parameters) P ...)

Computes the sum of the points P on the elliptic curve specified by the given parameters, similar to the standard procedure +.

[procedure] ((ec- parameters) A P ...)

Computes the difference of point A and all points P, or the additive inverse of A if no points P are given, on the elliptic curve specified by the given parameters, similar to the standard procedure -.

[procedure] ((ec* parameters) P n)

Computes the scalar product of point P with the integer n on the elliptic curve specified by the given parameters, but does so much more efficiently than iteratively summing up copies of P.

If n is negative, the additive inverse of P is multiplied by (abs n).

[procedure] (on-elliptic-curve? parameters P)

Checks whether the point P is a member of the elliptic curve specified by the given parameters.

[syntax] (with-elliptic-curve parameters body ...)

Overloads the symbols +, - and * inside body with versions operating on elements of the elliptic curve specified by the given parameters.

Module elliptic-curve-cryptography

[procedure] ((ecc-generate-keys parameters random-integer))

Given elliptic curve parameters and a cryptographically strong random-integer generator for huge numbers with behaviour analogous to the standard procedure (random n), a procedure is generated that returns a new random public key and private key. The public key is a point on the elliptic curve; the private key is an integer.

[procedure] ((ecc-sign parameters random-integer) d message)

Given elliptic curve parameters and a cryptographically strong random-integer generator for huge numbers with behaviour analogous to the standard procedure (random n), a signature procedure is generated that computes a signature from the private key d and the given message.

The message is a number and the signature is a pair of two numbers.

For practical applications, you should convert some message digest into a number with the same bit length as the base point order of the elliptic curve and pass it as the message argument.

[procedure] ((ecc-verify parameters) P message signature)

Given elliptic curve parameters, a signature verification procedure is generated that checks a signature given the public key P of the signer, the original message and the signature.

The message is a number and the signature is a pair of two numbers.

For practical applications, you should convert some message digest into a number with the same bit length as the base point order of the elliptic curve and pass it as the message argument.
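The digest-to-number step recommended for ecc-sign and ecc-verify, as an added Python sketch (not code from this egg): it keeps the leftmost bits of the digest so the number is no longer than the base point order, which is the usual ECDSA convention. The names pick_hash, digest_to_int, message_number and toy_order are hypothetical, the orders are constructed stand-ins where only the bit length matters, and choosing the shortest SHA-2 digest that covers the order is an assumption of this example.

```python
import hashlib

# SHA-2 variants and their digest sizes in bits.
SHA2 = (("sha224", 224), ("sha256", 256), ("sha384", 384), ("sha512", 512))

def pick_hash(n: int) -> str:
    """Shortest SHA-2 variant whose digest covers the bit length of n."""
    for name, bits in SHA2:
        if bits >= n.bit_length():
            return name
    return "sha512"  # order longer than 512 bits: the digest is used whole

def digest_to_int(digest: bytes, n: int) -> int:
    """Leftmost n.bit_length() bits of the digest, read as a big-endian integer."""
    e = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - n.bit_length()
    # Shift rather than reduce mod n: the result may still be >= n,
    # and signing and verification reduce it mod n themselves.
    return e >> excess if excess > 0 else e

def message_number(message: bytes, n: int) -> int:
    """Hash the message and convert it into the number passed as `message`."""
    digest = hashlib.new(pick_hash(n), message).digest()
    return digest_to_int(digest, n)

def toy_order(bits: int) -> int:
    """Constructed stand-in for a base point order of the given bit length."""
    return (1 << (bits - 1)) | 1

if __name__ == "__main__":
    for bits in (160, 192, 224, 256, 320, 384, 512):  # Brainpool sizes listed above
        n = toy_order(bits)
        print(bits, pick_hash(n), hex(message_number(b"constructed message", n)))
```

Signer and verifier must use the same hash and the same truncation, otherwise valid signatures fail to verify.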

[procedure] ((ecc-generate-secret parameters) d P)

Given elliptic curve parameters, a shared secret generator is created that computes a shared secret given the secret key d of the "sender" and the public key P of the recipient.

The shared secret is a point on the elliptic curve.

For practical applications you should hash the returned point together with some strong random salt value to derive a key for symmetric encryption.
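The shared-secret flow described above, as an added Python model (not code from this egg): the peer's public key is validated before the scalar product is computed, and the resulting point is hashed with a salt. The toy curve, the function names and the SHA-256 encoding of the point are assumptions of this example; on_curve, add and mul only model the roles of on-elliptic-curve?, ec+ and ec*.

```python
import hashlib

# Constructed toy curve, far too small for real use: y^2 = x^3 + 2x + 2 over F_17.
P_MOD, A, B = 17, 2, 2
G, N = (5, 1), 19        # base point and its prime order (cofactor 1)
INF = None               # point at infinity; the egg encodes it as the number 0

def on_curve(pt):
    """Model of on-elliptic-curve?: canonical coordinates satisfying the equation."""
    if pt is INF:
        return True
    x, y = pt
    in_range = 0 <= x < P_MOD and 0 <= y < P_MOD
    return in_range and (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p1, p2):  # group law, the two-argument case of ec+
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                       # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(pt, k):
    """Double-and-add scalar product, the role of ec* (k >= 0 here)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def is_valid_public_key(pt):
    """Reject infinity, off-curve points and points whose order is not N."""
    return pt is not INF and on_curve(pt) and mul(pt, N) is INF

def derive_key(d, peer_pub, salt):
    """Validate, compute the shared point d*P, then hash it with the salt."""
    if not 0 < d < N or not is_valid_public_key(peer_pub):
        raise ValueError("rejected private scalar or peer public key")
    size = (P_MOD.bit_length() + 7) // 8
    shared = b"".join(c.to_bytes(size, "big") for c in mul(peer_pub, d))
    return hashlib.sha256(salt + shared).digest()
```

Both sides must agree on the salt and on the byte encoding of the point, or they will derive different keys from the same shared point.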

License

 Copyright (c) 2010, Thomas Chust
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
 conditions are met:
 
 * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
     disclaimer.
 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
     disclaimer in the documentation and/or other materials provided with the distribution.
 * Neither the name of the author nor the names of its contributors may be used to endorse or promote
     products derived from this software without specific prior written permission.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS
 OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.

Version history

1.0.1
Fixed some import specifications
1.0.0
Initial release