RSA Security 5.2.2 Projection Television User Manual


 
Performing Elliptic Curve Operations
262 RSA BSAFE Crypto-C Developers Guide
version number; in Crypto-C, the only version available is 0.
The second argument specifies that you want your base field to be of the form F_p (p is an odd prime).
The third argument sets the length of a field element in bits; in this example, set it to be 160. For the prime field case, the size of a field element can be anywhere from 64 to 384 bits. The length of a field element, along with minOrderBits, strongly affects the security of the system; the greater the length, the greater the security. However, the greater the length, the longer it takes to generate key pairs and encrypt and decrypt. Currently, RSA Security recommends a size of 160 to 170 bits for minOrderBits for prototyping and evaluation; because minOrderBits defaults to 7 bits smaller than fieldElementBits, fieldElementBits should be set to 167 to 177 bits.
For the legal values for fieldElementBits in the even characteristic case, see the entry for AI_ECParamGen in Chapter 2 of the Reference Manual.
Note: Generating an elliptic curve for even characteristic without table lookup (fieldtype = FT_F2_ONB or FT_F2_POLYNOMIAL and tableLookup = 0) can be extremely time-consuming, taking several hours in some cases. In general, larger values for minOrderBits mean longer times for curve generation. Therefore, if you wish to generate curves for even characteristic, but do not want to use table lookup, you can speed curve generation by setting a smaller value for minOrderBits. Remember, however, that the size of minOrderBits is directly tied to the security of your elliptic curve cryptosystem. Setting minOrderBits allows you to make a trade-off between the time it takes to generate curves and the security of your system.
For the fourth argument, you should always specify CI_NO_COMPRESS. Regardless of the value placed here, Crypto-C will represent the base and public key points as non-compressed. If elliptic curve point compression ever becomes of such practical value that it is implemented in a future release of Crypto-C, using CI_NO_COMPRESS will protect your application from unforeseen behavior when you rebuild your application.
For the fifth and sixth arguments, pass 0; this tells Crypto-C to use its internal algorithms to generate its own values: