forked from miracl/core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
curves.txt
49 lines (43 loc) · 3.93 KB
/
curves.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Here we briefly describe the supported curves
1. ED25519 - This is the Bernstein et al Edwards curve https://ed25519.cr.yp.to/ed25519-20110926.pdf
2. C25519 - The original Bernstein Montgomery curve https://cr.yp.to/ecdh/curve25519-20060209.pdf
3. NIST256 - The NIST standard 256-bit curve secp256r1 http://www.secg.org/SEC2-Ver-1.0.pdf
4. BRAINPOOL - The 256-bit Brainpool twisted curve P256r1 http://www.ecc-brainpool.org/download/Domain-parameters.pdf
5. ANNSI - French standard 256-bit curve https://safecurves.cr.yp.to/
6. HIFIVE - Our own suggested curve https://eprint.iacr.org/2015/991
7. GOLDILOCKS - New standard 448-bit Edwards curve https://eprint.iacr.org/2015/625
8. NIST384 - The NIST standard 384-bit curve secp384r1 http://www.secg.org/SEC2-Ver-1.0.pdf
9. C41417 - An efficient high-security 414-bit curve https://eprint.iacr.org/2014/526
10. NIST521 - The NIST standard 521-bit curve secp521r1 http://www.secg.org/SEC2-Ver-1.0.pdf
11-16. The Microsoft NUMS suggested standard curves - https://www.microsoft.com/en-us/research/publication/selecting-elliptic-curves-for-cryptography-an-efficiency-and-security-analysis/
17. SEC256K1 - The other NIST standard Bitcoin curve
18. SM2 - Chinese standard curve - https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
19. C13318 - Barreto's Weierstrass curve with C25519 modulus - see https://eprint.iacr.org/2019/1166
20. JUBJUB - The Zcash elliptic curve - https://z.cash/technology/jubjub/
21. X448 - Montgomery version of GOLDILOCKS - https://tools.ietf.org/html/rfc7748
22. SECP160R1 - A NIST standard 160-bit curve http://www.secg.org/SEC2-Ver-1.0.pdf - for those that like to live dangerously!
23. C1174 - A 251 bit Edwards curve suggested by Bernstein et al here - https://eprint.iacr.org/2013/325.pdf
24. C1665 - A fast 166-bit Edwards curve for ~80-bit security
25. MDC - The Million Dollar Curve - a super-secure 256 bit Edwards curve, suggested here - https://eprint.iacr.org/2015/1249
26. Tweedledum - An amicable pair of elliptic curves - see https://github.com/daira/tweedle
27. Tweedledee - An amicable pair of elliptic curves - see https://github.com/daira/tweedle
Pairing-friendly curves
Note that efforts to standardise these curves seem to have stalled, probably due to new insights
into their true security. There seems to be a move from BN curves to BLS curves for 128-bit
security and above.
28. BN254 - The Nogami BN curve - https://eprint.iacr.org/2005/133
29. BN254CX - The CertiVox standard BN curve
30. BLS12383 - Our own suggested new standard curve, a 383-bit GT-Strong BLS12 curve - https://eprint.iacr.org/2002/088
31. BLS12381 - The zk-SNARK BLS12 standard curve - https://blog.z.cash/new-snark-curve/
32. FP256BN - An ISO standard 256-bit BN curve, as recomended for use by FIDO - https://tools.ietf.org/pdf/draft-kasamatsu-bncurves-02.pdf
33. FP512BN - An ISO standard 512-bit BN curve, as recomended for use by FIDO - https://tools.ietf.org/pdf/draft-kasamatsu-bncurves-02.pdf
34. BLS12443 - A 443 bit G2 and GT Strong subgroup BLS12 curve suggested by Barreto & Scott
35. BLS12461 - A 461 bit BLS12 curve suggested by Barbulescu and Duquesne https://eprint.iacr.org/2017/334
36. BN462 - A 462 bit BN curve suggested by Sakemi, Kobayashi and Saito https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/
37. BLS24479 - An experimental (approx AES-192 bit security) BLS24 GT-Strong curve
38. BLS48556 - An experimental (approx AES-256 bit security) BLS48 GT-Strong curve
39. BLS48581 - A 581 bit BLS48 curve suggested by Sakemi, Kobayashi and Saito https://datatracker.ietf.org/doc/draft-irtf-cfrg-pairing-friendly-curves/
40. BLS48286 - A 286 bit BLS48 curve (approx AES-128 bit security) inspired by https://eprint.iacr.org/2020/760 which optimises operations in G1
41. BN158 - An experimental BN curve at the 80-bit level of security
Note that it is quite easy to add new curves, and some programs are supplied to assist in the process.
Let us know if you have a particular request - [email protected]