[viff-devel] Elliptic curves
Martin Geisler
mg at daimi.au.dk
Sat Jun 28 15:38:55 PDT 2008
"Claudio Orlandi" <orlandi at daimi.au.dk> writes:
>> From reading the Wikipedia page linked below it seems very simple
>> to implement. But if it should be fast, then a library is of course
>> much better than a home-grown Python version.
>
> It's also about security. I would like an implementation that deals,
> at least, with the most common side-channel attacks. Other issues
> are which curve do you use, which kind of point representation, ...
Right, I see what you mean... I have looked at the libraries listed on
these pages:
* http://www.homeport.org/~adam/crypto/table.html
* http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
Some comments:
* Botan (http://botan.randombit.net/): Nice clean C++ code, but
unfortunately no ECC.
* Crypto++ (http://cryptopp.com/): Typical chaotic Windows C++ code
with very long lines, a zip file which unpacks to the current
directory, and a license that is almost-but-not-quite public
domain (sigh)...
On the plus side it supports lots of stuff, including ECC, and the
ChangeLog mentions security fixes against side-channel attacks.
The compilation failed on my system with some problems in the
assembler code, but I'm sure that can be fixed.
* libecc (http://libecc.sourceforge.net/): ECC library in C++ which
has a bunch of documentation which describes the math behind the
code.
* OpenSSL (http://openssl.org/): Some ECC support, has a
non-standard license (not BSD, not (L)GPL or similar) with an
advertisement clause...
There are some Python wrappers for OpenSSL and the M2Crypto
package exposes an EC module which allows us to do EC DSA:
http://chandlerproject.org/Projects/MeTooCrypto
But I guess we want access to efficient arithmetic in the group
provided by the elliptic curve, right?
There might be other libraries out there, but depending on what we
want the Crypto++ or OpenSSL library seems the most promising.
For Crypto++ we would have to make our own Python bindings. I don't
have any experience with this, but from what I have read about such
bindings this can range from tedious to difficult depending on how the
memory management is done in the library and how directly its objects
can be mapped to Python objects.
> So Micheal used mostly pairing-friendly curves, that is really what
> we don't want here. Anyway, he suggested to have a look at the
> MIRACL library. The problem with this one is that it is not open
> source, it's free just if you use it for fun...
Yeah, so that is not usable for VIFF :-(
--
Martin Geisler
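As an added illustration of the "home-grown Python version" versus side-channel-aware arithmetic that the thread is weighing (example code written for this page, not code from VIFF or from any of the libraries listed above): affine short-Weierstrass group operations, a plain double-and-add scalar multiplication whose sequence of group operations depends on the bits of the scalar, and a Montgomery ladder that performs the same fixed sequence for every scalar. The 97-element toy curve and its generator are constructed values chosen so the results can be checked by hand; the secp256k1 parameters are the published SEC 2 domain parameters; `pow(x, -1, p)` assumes Python 3.8 or newer.

```python
"""Short-Weierstrass curve arithmetic over F_p with double-and-add and a Montgomery ladder."""
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity O


class Curve:
    """y^2 = x^3 + a*x + b over the prime field F_p, with generator G of order n."""

    def __init__(self, p: int, a: int, b: int, gx: int, gy: int, n: int):
        self.p, self.a, self.b, self.n = p, a, b, n
        self.G: Point = (gx, gy)
        self.ops = 0  # group operations performed so far (used for the side-channel comparison)
        assert self.on_curve(self.G), "generator is not on the curve"

    def on_curve(self, P: Point) -> bool:
        if P is None:
            return True
        x, y = P
        return (y * y - (x * x * x + self.a * x + self.b)) % self.p == 0

    def add(self, P: Point, Q: Point) -> Point:
        """Affine chord/tangent addition; doubles when P == Q."""
        self.ops += 1
        if P is None:
            return Q
        if Q is None:
            return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2:
            if (y1 + y2) % self.p == 0:  # Q == -P, which also covers doubling a point with y == 0
                return None
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p) % self.p
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p) % self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul_double_and_add(self, k: int, P: Point) -> Point:
        """Left-to-right double-and-add: the extra addition on every 1-bit leaks k's Hamming weight."""
        R: Point = None
        for bit in bin(k)[2:]:
            R = self.add(R, R)
            if bit == "1":
                R = self.add(R, P)
        return R

    def mul_ladder(self, k: int, P: Point) -> Point:
        """Montgomery ladder: one addition and one doubling per bit over a fixed number of bits,
        so the sequence of group operations is the same for every scalar.  The affine formulas
        and Python's big integers are still not constant-time; this shows the algorithmic part."""
        k %= self.n
        R0: Point = None  # invariant throughout: R1 == R0 + P
        R1: Point = P
        for i in range(self.n.bit_length() - 1, -1, -1):
            if (k >> i) & 1:
                R0, R1 = self.add(R0, R1), self.add(R1, R1)
            else:
                R0, R1 = self.add(R0, R0), self.add(R0, R1)
        return R0

    def ops_used(self, k: int, P: Point, ladder: bool) -> int:
        """Number of group operations one scalar multiplication performs."""
        before = self.ops
        (self.mul_ladder if ladder else self.mul_double_and_add)(k, P)
        return self.ops - before


# Constructed toy curve y^2 = x^3 + 2x + 3 over F_97; G = (3, 6) has order 5, small enough to check by hand.
TOY = Curve(p=97, a=2, b=3, gx=3, gy=6, n=5)

# secp256k1 domain parameters from SEC 2; the same code handles a real-sized curve unchanged.
SECP256K1 = Curve(
    p=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F,
    a=0,
    b=7,
    gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
)


def check(curve: Curve, scalars=(1, 2, 3, 4, 5, 7)) -> bool:
    """Both methods agree, every result lies on the curve, and n*G is the point at infinity."""
    for k in scalars:
        P = curve.mul_ladder(k, curve.G)
        if P != curve.mul_double_and_add(k % curve.n, curve.G) or not curve.on_curve(P):
            return False
    # double-and-add does not reduce k, so this really computes the full n*G
    return curve.mul_double_and_add(curve.n, curve.G) is None


if __name__ == "__main__":
    for k in range(6):
        print(k, "G =", TOY.mul_ladder(k, TOY.G),
              "ops: double-and-add", TOY.ops_used(k, TOY.G, False),
              "ladder", TOY.ops_used(k, TOY.G, True))
    print("secp256k1 self-check:", check(SECP256K1))
```

Running it lists kG for k = 0..5 on the toy curve together with the group-operation counts of both methods (2 and 4 for k = 1 and k = 3 with double-and-add, always 6 with the ladder) and confirms that n*G is the point at infinity on secp256k1. The ladder removes the scalar-dependent branch structure but not the data-dependent timing of Python's big-integer arithmetic or of the modular inversion in the affine formulas; that remaining part is what a C/C++ library with projective coordinates and constant-time field code addresses, which is why the choice of point representation matters as much as the ladder.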