U2F - Elliptic Curve Domain Parameters

[William]

Hi There

Can anybody help me to select Elliptic Curve Domain Parameters?

Thank you.

[Arshad Noor]

Not sure what programming language you're working with that you need to do this - most modern programming languages will allow you to choose the curve based on the name. The U2F protocol only uses the NIST P-256 curve (https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#u2f-message-framing):

"A user public key [65 bytes]. This is the (uncompressed) x,y-representation of a curve point on the P-256 NIST elliptic curve."

The same document has the link to the ECDSA standard where you can buy it: http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.62%3A2005, but I would recommend just using the the free version shown below.

Wikipedia offers this helpful suggestion at https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Domain_parameters:

The generation of domain parameters is not usually done by each participant because this involves computing the number of points on a curve which is time-consuming and troublesome to implement. As a result, several standard bodies published domain parameters of elliptic curves for several common field sizes. Such domain parameters are commonly known as "standard curves" or "named curves"; a named curve can be referenced either by name or by the unique object identifier defined in the standard documents:

and links to this site: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf for details on the standard, named curves. There are other standards referenced there too, but for what you need for U2F, the NIST guide is sufficient (if you need to reference it at all - if you're using Java, C, C++, C#, etc., the appropriate library for the programming language has the named curves available to you easily enough.

Hope that helps.

Arshad

[William]

Hi Arshad Noor

Thank you so much.