[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove SHOULD for elliptic curve groups in IKEv2



Oakley and IKE and draft-orman-public-key-lengths-05 name the
algorithms, the strengths, computational scaling,  etc. of
ECC for Diffie-Hellman key agreement.  Mathematically,
the algorithm is DH using point addition in elliptic curve groups over 
GF[2^n].

Specific implementation techniques may be covered by patents, but
see, for example, Fast Key Exchange with Elliptic Curve Systems,
in Crypto '95, for details and pseudocode of a non-encumbered method.

Hilarie


----

Eric Rescorla wrote:


> What I think would be very helpful here would be if someone
> (you?) wrote a draft describing a single algorithm with:
> 
> (1) A description of its patent status (hopefully, with
>     some reference to the techniques having been published
>     prior to patents being filed).
> (2) Some estimate of its security properties (e.g. an estimate
>     of strength.)
> (3) Some description of (unencumbered) implementation techniques
>     along with performance numbers for those techniques,
>     perhaps with comparisons to RSA.
> 
> -Ekr
> 
>