Short Weierstrass Curves¶
Note
According to SafeCurves none of the Short Weierstrass Curves are secure.
Curve Formula:
\[ y^2 = x^3 + a*x + b \]
Brainpool Curves¶
brainpoolP160r1¶
brainpoolP160t1¶
brainpoolP192r1¶
brainpoolP192t1¶
brainpoolP224r1¶
brainpoolP224t1¶
brainpoolP256r1¶
brainpoolP256t1¶
brainpoolP320r1¶
brainpoolP320t1¶
brainpoolP384r1¶
brainpoolP384t1¶
brainpoolP512r1¶
brainpoolP512t1¶
Anomalous¶
BN Curves¶
ANSSI Curves¶
NIST Curves¶
B stands for binary curve
P stands for prime curve
K stands for Koblitz curve
B and K curves don't use the normal Weierstrass curve formula
B-163 (sect163r2) (ansit163r2)¶
K-163 (sect163k1)¶
P-192 (secp192r1) (prime192v1)¶
- 192-bit
P-224 (secp224r1) (wap-wsg-idm-ecid-wtls12) (ansip224r1)¶
- 224-bit
- Is not safe to use
K-233 (sect233k1) (wap-wsg-idm-ecid-wtls10) (ansit233k1)¶
- 233-bit
P-233 (sect233p1)¶
- 233-bit
B-233 (sect233r1) (wap-wsg-idm-ecid-wtls11) (ansit233r1)¶
- 233-bit
P-256 (secp256r1) (prime256v1)¶
- 256-bit key
- Brute-force strength comparable to 128-bit AES
- Can be vulnerable to attack if a randomly chosen x value is used without first checking that it is on the curve
- Curve is
y^2 = x^3 − 3x + 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
secp256k1¶
- Is not safe to use
- Curve is
y^2 ≡ x^3 + 7 \pmod{17}
Example:
Let's choose the modulus N = 17, which means that y^2 \equiv x^3 + 7 \pmod{17}
Let's plot some points:
\[
x = 1,\ y = 5;\quad (1^3 + 7 - 5^2) \bmod 17 = (1 + 7 - 25) \bmod 17 = -17 \bmod 17 = 0 \\
x = 2,\ y = 7;\quad (2^3 + 7 - 7^2) \bmod 17 = (8 + 7 - 49) \bmod 17 = -34 \bmod 17 = 0 \\
x = 3,\ y = 0;\quad (3^3 + 7 - 0^2) \bmod 17 = (27 + 7 - 0) \bmod 17 = 34 \bmod 17 = 0 \\
x = 4,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 5,\ y = 8;\quad (5^3 + 7 - 8^2) \bmod 17 = (125 + 7 - 64) \bmod 17 = 68 \bmod 17 = 0 \\
x = 6,\ y = 6;\quad (6^3 + 7 - 6^2) \bmod 17 = (216 + 7 - 36) \bmod 17 = 187 \bmod 17 = 0 \\
x = 7,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 8,\ y = 3;\quad (8^3 + 7 - 3^2) \bmod 17 = (512 + 7 - 9) \bmod 17 = 510 \bmod 17 = 0 \\
x = 9,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 10,\ y = 2;\quad (10^3 + 7 - 2^2) \bmod 17 = (1000 + 7 - 4) \bmod 17 = 1003 \bmod 17 = 0 \\
x = 11,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 12,\ y = 1;\quad (12^3 + 7 - 1^2) \bmod 17 = (1728 + 7 - 1) \bmod 17 = 1734 \bmod 17 = 0 \\
x = 13,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 14,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 15,\ y = 4;\quad (15^3 + 7 - 4^2) \bmod 17 = (3375 + 7 - 16) \bmod 17 = 3366 \bmod 17 = 0 \\
x = 16,\ y = ?;\quad \text{DNE} \pmod{17} \\
x = 17,\ y = ?;\quad \text{DNE} \pmod{17}
\]
Integer Adding:
\[
y^2 \equiv x^3 + 7 \pmod{17} \\
A = (15, 13),\quad B = (1, 12) \\
\text{slope} = ((12 - 13) \cdot \operatorname{mod\_inv}(1 - 15)) \bmod 17 = (-1 \cdot \operatorname{mod\_inv}(-14)) \bmod 17 = (-6) \bmod 17 = 11 \\
x = (11^2 - 15 - 1) \bmod 17 = 105 \bmod 17 = 3 \\
y = -(11 \cdot 3 + (13 - 11 \cdot 15)) \bmod 17 = 119 \bmod 17 = 0 \\
A + B = (15, 13) + (1, 12) = (3, 0)
\]
Integer Doubling:
\[
y^2 \equiv x^3 + 7 \pmod{17} \\
G = (15, 13) \\
\text{slope} = ((3 \cdot 15^2 + 0) \cdot \operatorname{mod\_inv}(2 \cdot 13)) \bmod 17 = 1350 \bmod 17 = 7 \\
x = (7^2 - 2 \cdot 15) \bmod 17 = 19 \bmod 17 = 2 \\
y = -(7 \cdot 2 + (13 - 7 \cdot 15)) \bmod 17 = 78 \bmod 17 = 10 \\
2 \cdot G = (2, 10)
\]
Integer Multiplication:
\[ 2 * (15,13) = 2 * (15,13) = (2,10) \\ 3 * (15,13) = 2 * (15,13) + (15,13) = (8,3) \\ 4 * (15,13) = 2 * (2 * (15,13)) = (12,1) \\ 5 * (15,13) = 2 * (2 * (15,13)) + (15,13) = (6,6) \\ 6 * (15,13) = 2 * (2 * (15,13)) + 2 * (15,13) = (5,8) \\ \]
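The toy-curve arithmetic above as an added Python example (not code from the original page): it implements the on-curve check, chord and tangent addition, and double-and-add multiplication over y^2 = x^3 + 7 (mod 17). The function names are assumptions made for this example, and the 17-element field is only for illustration.

```python
# Toy curve from the worked example: y^2 = x^3 + 7 (mod 17). Illustration only.
P, A, B = 17, 0, 7
INF = None  # point at infinity (group identity)

def is_on_curve(pt):
    """True if pt is the identity or satisfies y^2 = x^3 + A*x + B (mod P)."""
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Group law; doubling is the p1 == p2 case. Rejects off-curve inputs."""
    for pt in (p1, p2):
        if not is_on_curve(pt):
            raise ValueError(f"point {pt} is not on the curve")
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P); also covers doubling a point with y == 0
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P  # tangent
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P  # chord
    x3 = (slope * slope - x1 - x2) % P
    y3 = (slope * (x1 - x3) - y1) % P  # reflect the third intersection point
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def points():
    """All affine points on the toy curve, found by exhaustive search."""
    return [(x, y) for x in range(P) for y in range(P) if is_on_curve((x, y))]

if __name__ == "__main__":
    G = (15, 13)
    print(points())
    print([mul(k, G) for k in range(1, 7)])
```

The `is_on_curve` guard in `add` is the check mentioned under P-256: a coordinate pair that does not satisfy the curve equation is rejected before any arithmetic is done with it.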
K-283 (sect283k1) (ansit283k1)¶
B-283 (sect283r1) (ansit283r1)¶
P-384 (secp384r1) (ansip384r1)¶
- 384-bit
- Is not safe to use
K-409 (sect409k1) (ansit409k1)¶
B-409 (sect409r1) (ansit409r1)¶
P-521 (secp521r1) (ansip521r1)¶
- 521-bit
- Brute-force strength comparable to 256-bit AES