如何将ECDSA曲线规范从SEC2形式转换为Go所需的形式?

huangapple go评论94阅读模式
英文:

How can I convert a ECDSA curve specification from the SEC2 form into the form needed by Go?

问题

我正在尝试在Google Go中实现secp256k1曲线上的ECDSA。

secp256k1是由SECG标准(SEC 2,第2部分,Recommended Elliptic Curve Domain Parameters over 𝔽<sub>p</sub>,第15页)定义的,其中包括参数p,a,b,G压缩,G未压缩,n和h。

Go的加密库中,曲线是由参数P,N,B,Gx,Gy和BitSize定义的。我如何将SECG给出的参数转换为Go所需的参数?

英文:

I`m trying to implement ECDSA in the curve secp256k1 in Google Go.

Secp256k1 is defined by the SECG standard (SEC 2, part 2, Recommended Elliptic Curve Domain Parameters over 𝔽<sub>p</sub>, page 15) in terms of parameters p, a, b, G compressed, G uncompressed, n and h.

In Go's crypto library, the curves are defined by parameters P, N, B, Gx, Gy and BitSize. How do I convert parameters given by SECG into the ones needed by Go?

答案1

得分: 3

在Go的elliptic包中,

> Curve表示一个a=-3的简化魏尔斯特拉斯曲线。

因此,我们有形式为y&#178; = x&#179; - 3&#183;x + B的曲线(其中xy都取值于𝔽<sub>P</sub>)。因此,PB是用于标识曲线的参数,其他参数仅在用于密码学的曲线元素操作时才需要。

SECG标准SEC 2将secp256k1曲线定义为y&#178; = x&#179; + a&#183;x + b,其中a = 0,即实际上为y&#178; = x&#179; + b

无论选择哪个b和B,这些曲线都不相同。

使用elliptic包的Curve类无法进行您的转换,因为它仅支持某些特殊类的曲线(这些曲线具有a = -3),而SEC 2建议使用其他类的曲线(...k1曲线的a = 0)。


另一方面,名称中带有...r1的曲线似乎具有a = -3。实际上,secp256r1似乎是在elliptic中作为p256()可用的相同曲线。(我没有证明这一点,但至少SEC 2中未压缩形式的基点的十六进制数字是椭圆中基点的坐标。)

英文:

In the elliptic package of Go,

> A Curve represents a short-form Weierstrass curve with a=-3.

So, we have curves of the form y&#178; = x&#179; - 3&#183;x + B (where both x and y take values in 𝔽<sub>P</sub>). P and B thus are the parameters to identify a curve, the others are only necessary for the operations on the curve elements which will be used for cryptography.

The SECG standard SEC 2 defines the secp256k1 curve as y&#178; = x&#179; + a&#183;x + b with a = 0, i.e. effectively y&#178; = x&#179; + b.

These curves are not the same, independent of which b and B are selected here.

Your conversion is not possible with the elliptic package's Curve class, as it only supports some special class of curves (these with a = -3), while SEC 2 recommends curves from other classes (a = 0 for the ...k1 curves).


On the other hand, the curves with ...r1 in the name seem to have a = -3. And actually, secp256r1 seems to be the same curve which is available in elliptic as p256(). (I didn't prove this, but at least some the hex digits of the uncompressed form of the base point in SEC 2 are the coordinates of the base point in elliptic.)

huangapple
  • 本文由 发表于 2011年9月20日 08:24:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/7478821.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定