Is possible to create a custom curve like Curve448/Ed448 in Botan? #4472

gb-jose · 2024-12-09T16:12:10Z

gb-jose
Dec 9, 2024

I am trying to do some curve elliptic operations over Curve448/Ed448. I defined the EC_Group object to register the curve, but I am not able to pass the group verification.

const Botan::BigInt p("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
const Botan::BigInt a("0x262a6");
const Botan::BigInt b("0x01");
const Botan::BigInt n("0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3");
const Botan::BigInt g_x("0x05");
const Botan::BigInt g_y("0x7d235d1295f5b1f66c98ab6e58326fcecbae5d34f55545d060f75dc28df3f6edb8027e2346430d211312c4b150677af76fd7223d457b5b1a");
const Botan::BigInt h("0x04");
const Botan::OID oid("1.3.101.111");

// create EC_Group object to register the curve
Botan::EC_Group ec_group(p, a, b, g_x, g_y, n, h, oid);

Botan::AutoSeeded_RNG rng;

if(!ec_group.verify_group(rng)) {
    std::cout << "Does not work!" << std::endl;
    return 1;
} else {
    std::cout << "Works" << std::endl;
}

Parameters taken from: https://neuromancer.sk/std/other/Curve448

Answered by randombit

Dec 9, 2024

Ed448 and X448 are already supported, but not through EC_Group - that interface is exclusively used for Weierstrass curves. If you just need signatures and key exchange, the dedicated interfaces (eg Ed448_PrivateKey) is certainly the preferred approach.

It is possible to map Edwards and Montgomery curves to Weierstrass coordinates; see https://crypto.stackexchange.com/questions/27842/edwards-montgomery-ecc-with-weierstrass-implementation and https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf (specifically the specifications of W-25519 and W-448) and this should work with EC_Group and related types, but this has not been tested by me or AFAIK anyone else.

Do you actu…

View full answer

randombit · 2024-12-09T21:41:36Z

randombit
Dec 9, 2024
Maintainer

Ed448 and X448 are already supported, but not through EC_Group - that interface is exclusively used for Weierstrass curves. If you just need signatures and key exchange, the dedicated interfaces (eg Ed448_PrivateKey) is certainly the preferred approach.

It is possible to map Edwards and Montgomery curves to Weierstrass coordinates; see https://crypto.stackexchange.com/questions/27842/edwards-montgomery-ecc-with-weierstrass-implementation and https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf (specifically the specifications of W-25519 and W-448) and this should work with EC_Group and related types, but this has not been tested by me or AFAIK anyone else.

Do you actually need generic point arithmetic here? If so can you please share what sort of application you are working on.

0 replies

gb-jose · 2024-12-10T11:14:40Z

gb-jose
Dec 10, 2024
Author

Thanks for the quick response!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is possible to create a custom curve like Curve448/Ed448 in Botan? #4472

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Is possible to create a custom curve like Curve448/Ed448 in Botan? #4472

gb-jose Dec 9, 2024

Replies: 2 comments

randombit Dec 9, 2024 Maintainer

gb-jose Dec 10, 2024 Author

gb-jose
Dec 9, 2024

randombit
Dec 9, 2024
Maintainer

gb-jose
Dec 10, 2024
Author