[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove SHOULD for elliptic curve groups in IKEv2



"The Purple Streak (Hilarie Orman)" <ho@alum.mit.edu> writes:
> Oakley and IKE and draft-orman-public-key-lengths-05 name the
> algorithms, the strengths, computational scaling,  etc. of
> ECC for Diffie-Hellman key agreement.  Mathematically,
> the algorithm is DH using point addition in elliptic curve groups over 
> GF[2^n].
> 
> Specific implementation techniques may be covered by patents, but
> see, for example, Fast Key Exchange with Elliptic Curve Systems,
> in Crypto '95, for details and pseudocode of a non-encumbered method.
What I had in mind here, was a draft that collect all of this
information in one place so that it could inform this sort of
dicussion.

The particular paper you refer to, while interesting, unfortunately,
is a little difficult to draw direct conclusions from:

	(1) It doesn't describe the technique you use for performing
	the DH key agremement you're comparing to. 
	(2) The timings you describe are on such outdated platforms
	(granted, they weren't outdated at the time) that it's very
	difficult to compare them with implementations on modern
	platforms.
	
-Ekr
	
-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/