Re: EC-JPAKE: Elliptic Curve NIST P-256 or secp256r1?

[Martin Turon]

https://www.ietf.org/rfc/rfc5480.txt

2.1.1.1.  Named Curve

   The namedCurve field in ECParameters uses object identifiers to name
   well-known curves.  This document publishes curve identifiers for the
   fifteen NIST-recommended curves [FIPS186-3].  Other documents can
   publish other name curve identifiers.  The NIST-named curves are:

     -- Note that in [X9.62] the curves are referred to as 'ansiX9' as
     -- opposed to 'sec'.  For example, secp192r1 is the same curve as
     -- ansix9p192r1.

     -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
     -- prime192v1 and the secp256r1 curve was referred to as
     -- prime256v1.

     -- Note that [FIPS186-3] refers to secp192r1 as P-192, secp224r1 as
     -- P-224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as
     -- P-521.

_____________________________
Martin Turon  |  Nest Labs

On Tue, Jan 9, 2018 at 12:39 AM, <jerome....@gmail.com> wrote:

Hello,

I have a question concerning Elliptic Curve type used for EC-JPAKE during Commissioning process.

in CommissioningWhitePaper.pdf:

it is mentioned that NIST P-256 is used as Elliptic Curve:

"The fundamental security used in the Thread Network is an elliptic curve variant of J-PAKE (ECJPAKE),

using the NIST P-256 elliptic curve."

BUT in OpenThread porting Guide (https://openthread.io/guides/porting/implement_advanced_features), it is mentioned secp256r1 as Elliptic Curve:

"Curve secp256r1 is used in the key exchange algorithm of the ECJPAKE draft. 

Hence, hardware acceleration should at least support the secp256r1 short weierstrass curve operation."

Is NIST P-256 identical to secp256r1?

If not which one to choose?

Thanks,

BR

Jerome

--
You received this message because you are subscribed to the Google Groups "openthread-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openthread-users+unsubscribe@googlegroups.com.
To post to this group, send email to openthread-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openthread-users/3c3b357d-91b4-4eba-b65a-431fb06b38cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[jerome....@gmail.com]

Hi,

Thanks for your response.

In the meantime I found https://tools.ietf.org/search/rfc4492

   ------------------------------------------

Curve names chosen by

different standards organizations

------------+---------------+-------------
SECG | ANSI X9.62 | NIST
------------+---------------+-------------
sect163k1 | | NIST K-163
sect163r1 | |
sect163r2 | | NIST B-163
sect193r1 | |
sect193r2 | |
sect233k1 | | NIST K-233
sect233r1 | | NIST B-233
sect239k1 | |
sect283k1 | | NIST K-283
sect283r1 | | NIST B-283
sect409k1 | | NIST K-409
sect409r1 | | NIST B-409
sect571k1 | | NIST K-571
sect571r1 | | NIST B-571
secp160k1 | |
secp160r1 | |
secp160r2 | |
secp192k1 | |
secp192r1 | prime192v1 | NIST P-192
secp224k1 | |
secp224r1 | | NIST P-224
secp256k1 | |
secp256r1 | prime256v1 | NIST P-256
secp384r1 | | NIST P-384
secp521r1 | | NIST P-521
------------+---------------+-------------

Table 6: Equivalent curves defined by SECG, ANSI, and NIST 

BR

Jerome

To unsubscribe from this group and stop receiving emails from it, send an email to openthread-use...@googlegroups.com.
To post to this group, send email to openthre...@googlegroups.com.