Which of these "Safe" ECC curves are available in Bouncy Castle?

StackOverflow https://stackoverflow.com/questions/22457676

Question

I'm trying to figure out which "safe" ECC curves are supported in Bouncy Castle. I found a few curves in the namespace Org.BouncyCastle.Asn1, but they are hard to find, and I'm sure I'm missing some.

Do any of the following curves exist in Bouncy Castle? (should I use them?)

  • M-221
  • E-222
  • Curve1174
  • Curve25519
  • E-382
  • M-383
  • Curve383187
  • Curve41417
  • Ed448-Goldilocks
  • M-511
  • E-521
Was it helpful?

Solution

I found an (apparently) definitive list of the ECC curves supported by Bouncy Castle. It seems to match the named curves defined in the codebase.

None of the curve names match the names you listed.

However, there is nothing preventing you from tracking down1 and using the parameters that define any of the curves you have listed to define an ECParameterSpec ... or a ECNamedCurveParameterSpec.

1 - The parameters are in the paper you linked to. According to @mentalurg, it is not simple to get them into the correct form. However, this is an open source project, so if >>you<< care about this, there is nothing preventing you from doing the work and submitting a patch. Or if you don't have the time, sponsoring them to do the work for you.

OTHER TIPS

@Stephen C: "tracking down and using the parameters that define any of the curves" - wrong. The parameters (A and B) are only available for Weierstrass form. For Edwards or Mongomery forms one has to do a (error prone) coordinate transformation to Weierstrass form, call the encryption, then transform results back to the original coordinate system.

Besides transformation errors, the performance for such transformed curve might be not optimal.

Both Java native implementation and Bouncy Castle are missing direct support of curve forms other than Weierstrass. And that is the problem.

BC as of today has the following list from FIPS-PUB 186-3. But 186-3 is obsolete now: https://csrc.nist.gov/publications/detail/fips/186/3/archive/2009-06-25)

static
{
    defineCurve("B-571", SECObjectIdentifiers.sect571r1);
    defineCurve("B-409", SECObjectIdentifiers.sect409r1);
    defineCurve("B-283", SECObjectIdentifiers.sect283r1);
    defineCurve("B-233", SECObjectIdentifiers.sect233r1);
    defineCurve("B-163", SECObjectIdentifiers.sect163r2);
    defineCurve("K-571", SECObjectIdentifiers.sect571k1);
    defineCurve("K-409", SECObjectIdentifiers.sect409k1);
    defineCurve("K-283", SECObjectIdentifiers.sect283k1);
    defineCurve("K-233", SECObjectIdentifiers.sect233k1);
    defineCurve("K-163", SECObjectIdentifiers.sect163k1);
    defineCurve("P-521", SECObjectIdentifiers.secp521r1);
    defineCurve("P-384", SECObjectIdentifiers.secp384r1);
    defineCurve("P-256", SECObjectIdentifiers.secp256r1);
    defineCurve("P-224", SECObjectIdentifiers.secp224r1);
    defineCurve("P-192", SECObjectIdentifiers.secp192r1);
}

There is another SP that lists the approved EC curves for key agreement: https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top