
## elliptic-curves

### Author

### Requirements

### Description

This library allows you to perform basic arithmetic and cryptographic primitives on elliptic curve groups over finite fields with arbitrarily large integer moduli.

Points on elliptic curves are represented by complex numbers; the point at infinity (the infinitely remote point) is represented by the number zero.

### API

#### Module elliptic-curve-parameters

This module defines an elliptic curve parameter record as follows:

```scheme
(defstruct ec-parameters
  ;; Prime modulus of the curve's underlying field
  p
  ;; Parameter a of the Weierstrass equation
  a
  ;; Parameter b of the Weierstrass equation
  b
  ;; Base point of the curve
  [G #f]
  ;; Order of the base point
  [n #f]
  ;; Cofactor of the base point
  [h #f]
  ;; Optional name of the parameter set
  [name #f])
```

*[syntax]*

`(define-ec-parameters id p a b x y n h)`

A shorthand for

```scheme
(define id
  (make-ec-parameters
    p: (string->number p 16)
    a: (string->number a 16)
    b: (string->number b 16)
    G: (make-rectangular (string->number x 16) (string->number y 16))
    n: (string->number n 16)
    h: (string->number h 16)
    name: 'id))
```

*[constant]*

`brainpool-P160r1`

*[constant]*

`brainpool-P192r1`

*[constant]*

`brainpool-P224r1`

*[constant]*

`brainpool-P256r1`

*[constant]*

`brainpool-P320r1`

*[constant]*

`brainpool-P384r1`

*[constant]*

`brainpool-P512r1`

Constants for standardized elliptic curves suitable for cryptographic use. Refer to the ECC Brainpool site for more information.

#### Module elliptic-curve-arithmetic

*[procedure]*

`((ec+ parameters) P ...)`

Computes the sum of the points `P` on the elliptic curve specified by the given `parameters`, similar to the standard procedure `+`.

*[procedure]*

`((ec- parameters) A P ...)`

Computes the difference of point `A` and all points `P`, or, when no `P` is given, the additive inverse of `A`, on the elliptic curve specified by the given `parameters`, similar to the standard procedure `-`.

*[procedure]*

`((ec* parameters) P n)`

Computes the scalar product of point `P` with the integer `n` on the elliptic curve specified by the given `parameters`, but does so much more efficiently than iteratively summing up copies of `P`.

If `n` is negative, the additive inverse of `P` is multiplied by `(abs n)`.

*[procedure]*

`(on-elliptic-curve? parameters P)`

Checks whether the point `P` is a member of the elliptic curve specified by the given `parameters`.

*[syntax]*

`(with-elliptic-curve parameters body ...)`

Overloads the symbols `+`, `-` and `*` inside `body` with versions operating on elements of the elliptic curve specified by the given `parameters`.
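The behaviour described for `ec+`, `ec-`, `ec*` and `on-elliptic-curve?`, modelled in Python as an added example; this is not the egg's Scheme code. The curve is a constructed textbook toy curve, all function names are hypothetical, and points are `(x, y)` tuples rather than complex numbers, with `0` kept as the point at infinity.

```python
# Added example, not the egg's code. Constructed toy curve y^2 = x^3 + 2x + 2
# over F_17 (far too small for real use); 0 is the point at infinity.
P_MOD, A, B = 17, 2, 2
G = (5, 1)  # base point of prime order 19

def on_curve(pt):
    """Membership test, the counterpart of on-elliptic-curve?."""
    if pt == 0:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def ec_neg(pt):
    return 0 if pt == 0 else (pt[0], -pt[1] % P_MOD)

def ec_add(p1, p2):
    if p1 == 0:
        return p2
    if p2 == 0:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return 0  # P + (-P) is the point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)  # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(pt, n):
    """Double-and-add: about log2(n) doublings instead of n - 1 additions.
    Not constant-time: the branch below depends on the bits of n."""
    if n < 0:
        pt, n = ec_neg(pt), -n  # negative n: multiply the inverse by abs(n)
    acc = 0
    while n:
        if n & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        n >>= 1
    return acc

def ec_mul_naive(pt, n):
    """Iterative summing, kept only to check ec_mul against it."""
    acc = 0
    for _ in range(n):
        acc = ec_add(acc, pt)
    return acc
```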

#### Module elliptic-curve-cryptography

*[procedure]*

`((ecc-generate-keys parameters random-integer))`

Given elliptic curve `parameters` and a cryptographically strong `random-integer` generator for huge numbers whose behaviour is analogous to that of the standard procedure `(random n)`, a procedure is generated that returns a random new public key and private key. The public key is a point on the elliptic curve; the private key is an integer.

*[procedure]*

`((ecc-sign parameters random-integer) d message)`

Given elliptic curve `parameters` and a cryptographically strong `random-integer` generator for huge numbers whose behaviour is analogous to that of the standard procedure `(random n)`, a signature procedure is generated that computes a signature from the private key `d` and the given `message`.

The message is a number and the signature is a pair of two numbers.

For practical applications, you should convert some message digest into a number with the same bit length as the base point order of the elliptic curve and pass it as the `message` argument.

*[procedure]*

`((ecc-verify parameters) P message signature)`

Given elliptic curve `parameters`, a signature verification procedure is generated that checks a signature given the public key `P` of the signer, the original `message` and the `signature`.

The message is a number and the signature is a pair of two numbers.

For practical applications, you should convert some message digest into a number with the same bit length as the base point order of the elliptic curve and pass it as the `message` argument.

*[procedure]*

`((ecc-generate-secret parameters) d P)`

Given elliptic curve `parameters`, a shared secret generator is created that computes a shared secret given the secret key `d` of the "sender" and the public key `P` of the recipient.

The shared secret is a point on the elliptic curve.

For practical applications you should hash the returned point together with some strong random salt value to derive a key for symmetric encryption.
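The two pieces of advice above (turning a message digest into a number for `ecc-sign` / `ecc-verify`, and hashing the shared point with a salt) sketched in Python as an added example; this is not code from the egg. The function names are hypothetical, and both the leftmost-bits truncation (the ECDSA convention) and the HKDF-style HMAC-SHA-256 construction are assumptions, since the page does not prescribe either.

```python
import hashlib
import hmac

def digest_to_number(message: bytes, n: int, hash_name: str = "sha512") -> int:
    """Hash `message` and keep the leftmost bits, so that the result is no
    longer than the bit length of the base point order n."""
    digest = hashlib.new(hash_name, message).digest()
    nbits, dbits = n.bit_length(), len(digest) * 8
    if dbits < nbits:
        # The page asks for the same bit length as n: use a longer hash.
        raise ValueError("digest is shorter than the base point order")
    return int.from_bytes(digest, "big") >> (dbits - nbits)

def derive_key(shared_point, p: int, salt: bytes) -> bytes:
    """Derive a 32-byte symmetric key from a shared point (x, y) over F_p.
    The point at infinity (0, as on this page) is rejected."""
    if shared_point == 0:
        raise ValueError("shared secret is the point at infinity")
    x, y = shared_point
    size = (p.bit_length() + 7) // 8
    # Fixed-width big-endian coordinates keep the encoding unambiguous.
    ikm = x.to_bytes(size, "big") + y.to_bytes(size, "big")
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # HKDF-Extract
    info = b"constructed-example-context"                # label is made up
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # Expand, T(1)
```

Both sides must use the same salt, so it travels with the ciphertext; it needs to be random, not secret.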

### License

Copyright (c) 2010, Thomas Chust
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

### Version history

- 1.0.0: Initial release