elliptic curve in nettle?

[Daniel Kahn Gillmor]

On 01/07/2011 04:11 PM, Niels Möller wrote:
> 1. It makes sense to add support for certain elliptic curves or types of
>    curves to nettle. I'm still not quite sure what the applications are,
>    diffie-hellman key exchange have been mentioned, do the most
>    important standards also use them for encryption and signatures
>    (e.g., ElGamal style)? The implementation ought to include an
>    ecc exponentiation primitive that can be used for various applications.
> 
>    (BTW, Nettle currently doesn't include any support for ElGamal using
>    the usual modular group, is that something that would be useful? I
>    try to give higher priority to algorithms that are in used in real
>    protocols and applications, and lower priority to more academic
>    constructions).

OpenSSH 5.7 (due out later this month) will add the use of Elliptic
Curve DH and DSA.  Interoperability with OpenSSH by ssh clients using
nettle would be an excellent real-world scenario.

ElGamal is still widely used for asymmetric OpenPGP encryption.  Try
scanning the public keyservers for people with ElGamal subkeys (i wish i
had some easy way to present statistics from them -- sorry i don't!)

so yes, both EC and ElGamal have very clear real-world (non-academic)
usefulness.

> 3. On the legal side, I'd like to have some clear evidence that the
>    particular curves implemented are unlikely to lead to trouble with
>    known patents, possibly with fsf legal staff or sflc in the loop. I'm
>    not sure I know the area well enough to provide all needed input to
>    legal staff, though, so I may need help with this part as well.

i'll point the SFLC lawyers at this thread.  hopefully they can get in
touch.

	--dkg