Questions tagged [elliptic-curves]
Elliptic curves are algebraic-geometric structures with applications in cryptography. Such a curve consists of the set of solutions to a cubic equation over a finite field equipped with a group operation. Questions relating to elliptic curves and derived algorithms should use this tag and might also consider more specific tags such as discrete-logarithm and ecdsa.
2,314 questions
1 vote, 1 answer, 45 views
Cost of TLS (1.3) Handshake using RSA compared to cost of using ECC?
In the TLS 1.3 handshake, the server has to sign stuff in its Hello, and the client has to verify the server's certificate and the signature which uses the certified key. I'm guessing that's a ...
1 vote, 1 answer, 75 views, +50
Lattice attack against single signature: how to modify the b1 and c1 constants in order to get the script working against smaller leaks?
The following script I found here. The idea explained here is that if for a single signature both the high order bits of the private key and nonce are set to 0, then it’s possible to combine those 2 ...
1 vote, 0 answers, 63 views
Do such public key results mean something about the random number generator?
As you know, elliptic curve key generation involves picking a random scalar and multiplying it by the Generator point. A strong characteristic of secure random number generation is each of the bits has ½ ...
2 votes, 1 answer, 86 views
Amicable Pairs and Koblitz curve
A Koblitz curve is an elliptic curve of type $E:y^2 = x^3 + b$ where $b$ is an integer. In cryptography we often define these curves over $\mathbb{F}_p$. In such a case it is denoted by $E(\mathbb{F}...
1 vote, 1 answer, 67 views
Is it secure to store only the aggregated BLS public key in a smart contract for signature verification?
I have a question regarding BLS signatures and aggregate signature verification in smart contracts.
Let’s say I have 3 honest signers, each with their own private key. They all sign the same message, ...
1 vote, 1 answer, 102 views
Is it possible to recover nonces from ECDSA signatures if the private key is known? If yes, how?
Simple question, given a signed message and signature, if a nonce is known, then it’s possible to recover the private key. But what about doing the reverse? I mean using the private key to ...
0 votes, 0 answers, 54 views
What’s the minimal size of a nonce leakage so that the private key can be recovered from a single signature in practice?
There are a lot of papers on how to recover a private key from a nonce leakage in an ECDSA signature given a signed message. The fewer bits are known the more signatures are required.
If I don’t know ...
1 vote, 1 answer, 50 views
A probabilistic correspondence between points on non-isomorphic elliptic curves
In mathematics there are many types of maps. Most of the maps used in cryptography are isomorphic or homomorphic maps. These maps emerge from the underlying algebra.
For example, consider two elliptic ...
3 votes, 1 answer, 344 views
Is it possible to find an elliptic curve of specific order such that the order is greater than the prime number used to construct it?
Finding an elliptic curve with a specific order is a solved problem (Finding an elliptic curve of specific order). However, I am interested in cases when the prime used in the modulo to construct the ...
0 votes, 1 answer, 86 views
Is it possible to recover the private keys if 2 signatures share a common nonce?
It’s well known that in ECDSA, if two signatures are created using the same private key and the same nonce k, the private key can be recovered due to the linear ...
0 votes, 0 answers, 64 views
Computing random point in MOV attack example
I have been going through this example of MOV attack on a particular curve (namely $y^2 = x^3 + x + 300$ over $\mathbb F_{8111}$). The example quite clearly demonstrates how the attack actually works.
...
4 votes, 1 answer, 157 views
Does generating a vanity Ed25519 key pair reduce security
I found tools that brute-force SSH Ed25519 key pairs to include specific text in the public key, but none of them mention the security implications.
Right now I'm thinking that if I could generate the ...
1 vote, 0 answers, 230 views
New Custom 512-bit ECC Curve: EccFrog512CK2 (Prime Order, SageMath Verified) Is it safe now?
It has been two days since I first introduced a custom elliptic curve for PQC and strong encryption.
That version was debunked by the user @Daniel-S because the curve order wasn’t prime.
So I studied ...
1 vote, 2 answers, 139 views
Halving a Point on an Elliptic Curve of Even Order
For an elliptic curve with the corresponding elliptic curve group of order $2k$, where $2k$ is any even integer, the inverse of $2$ does not exist so that point halving is not defined on the elliptic ...
1 vote, 1 answer, 149 views
Is this custom 512-bit elliptic curve cryptographically secure? (EECCFrog512)
Is this custom 512-bit elliptic curve (EECCFrog512) cryptographically sound and secure against known ECC attacks?
Body:
I’m submitting a custom elliptic curve construction for community review and ...