Cryptographic Primitives

Prime Order Fields

BinaryECC.PFieldElt - Type
PFieldElt

Represents an element of a prime order field, with the named field value::BigInt holding the element itself, and p::BigInt holding the field order.

Supports all standard arithmetic operations, such as ==, +, -, *, /, inv, ^, isone, iszero, one, zero, isvalid.


Curve Domain Parameters

BinaryECC.CurveDomainParams - Type
CurveDomainParams{B}

Represents the elliptic curve domain parameters for elliptic curve groups defined over binary field B, as described in SEC 1 (version 2), 3.1.2.

It contains three fields:

  • G::ECPointAffine{B}, a generating point, in affine coordinates
  • n::BigInt, the order of G (i.e. the smallest n satisfying $G \cdot n = \mathcal{O}$)
  • h::BigInt, the cofactor, $h = \#E(\mathbb{F}_{2^m}) / n$

The other elements of the septuple described in 3.1.2 are accessible through the fields of G.

Domain parameters for several standard curves (taken from SEC 2, section 3) can be created by calling the following functions with a word type T:

  • SECT163K1(T::Type{U}) where U<:Unsigned
  • SECT163R1(T::Type{U}) where U<:Unsigned
  • SECT233K1(T::Type{U}) where U<:Unsigned
  • SECT233R1(T::Type{U}) where U<:Unsigned
  • SECT283K1(T::Type{U}) where U<:Unsigned
  • SECT283R1(T::Type{U}) where U<:Unsigned
  • SECT409K1(T::Type{U}) where U<:Unsigned
  • SECT409R1(T::Type{U}) where U<:Unsigned
  • SECT571K1(T::Type{U}) where U<:Unsigned
  • SECT571R1(T::Type{U}) where U<:Unsigned
Base.isvalid - Method
isvalid(T::CurveDomainParams{B}, t::Int) where B

Returns true if the curve domain parameters $T$ meet the security level $t$, using the procedure in SEC 1 (version 2) 3.1.2.2.1, and false otherwise.

Note: does not currently perform step 6 (checking that $n$ is prime).


Elliptic Curve Key Pairs

BinaryECC.ECKeyPair - Type
ECKeyPair{B}

Represents an elliptic curve key pair (described in SEC 1, version 2, 3.2) with fields $d$ and $Q$ (where $Q = d \cdot G$, and $G$ is the generator of the curve domain parameters used to generate this key pair). Contains named fields d::PFieldElt and Q::ECPointAffine{B}.

BinaryECC.generate_keypair - Method
generate_keypair(T::CurveDomainParams{B}) where B

Generates a new random ECKeyPair associated with T, as described in SEC 1 (version 2) 3.2.1.

Base.isvalid - Method
isvalid(T::CurveDomainParams{B}, Q::ECPointAffine{B}) where B

Returns true if Q is a valid public key associated with the curve domain parameters T, using the procedure in SEC 1 (version 2) 3.2.2.1, and false otherwise.


ECDSA

BinaryECC.ECDSASignature - Type
ECDSASignature

Represents a signature produced by ECDSA (Elliptic Curve DSA), with the fields r::PFieldElt and s::PFieldElt.

BinaryECC.ecdsa_sign - Method
ecdsa_sign(T::CurveDomainParams{B}, U::ECKeyPair{B}, M::String) where B

Creates an ECDSASignature using the key pair U (associated with the curve domain parameters T) for the message M.

This follows the signing procedure described in SEC 1 (version 2) 4.1.3.

BinaryECC.ecdsa_verify - Method
ecdsa_verify(T::CurveDomainParams{B}, Q::ECPointAffine{B}, sig::ECDSASignature, M::String) where B

Returns true if sig is a valid signature for message M and public key Q (associated with curve domain parameters T), following the verifying operation described in SEC 1 (version 2) 4.1.4, and false otherwise.

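The validation routines documented above can be chained so that a signature is only accepted once the domain parameters (including the primality check on n that isvalid(T, t) is noted to skip) and the public key have both passed. This is an added example, not code from the BinaryECC project; it assumes Primes.jl is installed and that 128 is the security level matching SECT283K1, and the helper names params_ok and checked_verify are hypothetical.

```julia
using BinaryECC
using Primes: isprime   # assumption: Primes.jl is available in the environment

# Hypothetical helper: parameter validation plus step 6 of SEC 1 (version 2)
# 3.1.2.2.1 (n must be prime), which isvalid(T, t) is documented not to perform.
function params_ok(T, t::Int)
    return isvalid(T, t) && isprime(T.n)
end

# Hypothetical helper: run ecdsa_verify only after the domain parameters and
# the public key (SEC 1 version 2, 3.2.2.1) have been validated.
function checked_verify(T, t::Int, Q, sig, M::String)
    params_ok(T, t) || return false
    isvalid(T, Q) || return false
    return BinaryECC.ecdsa_verify(T, Q, sig, M)
end

T = BinaryECC.SECT283K1(UInt64)   # word type chosen for this example
t = 128                           # assumed security level for a 283-bit curve

signer = BinaryECC.generate_keypair(T)
msg = "constructed sample message"
sig = BinaryECC.ecdsa_sign(T, signer, msg)

# Accepted: matching key, untouched message.
@assert checked_verify(T, t, signer.Q, sig, msg)

# Rejected: the message was altered after signing.
@assert !checked_verify(T, t, signer.Q, sig, msg * " (altered)")

# Rejected: a valid public key, but not the one that produced the signature.
other = BinaryECC.generate_keypair(T)
@assert !checked_verify(T, t, other.Q, sig, msg)
```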

ECDH

BinaryECC.ecdh_calculate - Method
ecdh_calculate(T::CurveDomainParams{B}, dU::PFieldElt, QV::ECPointAffine{B}) where B

Calculates the shared secret value for entity "U"'s private key (dU) and entity "V"'s public key (QV), which are associated with curve domain parameters T.

This follows the procedure described in SEC 1 (version 2) 3.3.1.

BinaryECC.ecdh_deployment1 - Method
ecdh_deployment1(T::CurveDomainParams)

Performs the first stage of the ECDH deployment operation (described in SEC 1, version 2, 6.1.2) from the perspective of entity "U".

BinaryECC.ecdh_deployment2 - Method
ecdh_deployment2(T::CurveDomainParams{B}, QV::ECPointAffine{B}) where B

Performs the second stage of the ECDH deployment operation (described in SEC 1, version 2, 6.1.2) from the perspective of entity "U", using entity "V"'s public key (QV).

BinaryECC.ecdh_agreement - Method
ecdh_agreement(T::CurveDomainParams{B}, ukey::ECKeyPair{B}, QV::ECPointAffine{B}) where B

This performs the ECDH key agreement operation as described in SEC 1 (version 2) 6.1.3.

It is performed from the perspective of entity "U", using their ECKeyPair ukey and the public key of entity "V" (QV).
