Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
Any thoughts, plans, or concerns about this?
I'd consider adding elliptic curve cryptography, if I get some reasonably authoritative information on some variant of ecc which is (1) useful, and (2) not patented, or patented with gpl compatible licensing.
I'm not very familiar with ecc, but my understanding is that the entire area is more or less a patent swamp, and that technically, ecc cryptography mostly makes sense in some embedded devices where small keys and signatures are important, or where modexp based cryptography is too slow.
As for performance of ecc, I suspect there are two main issues: The first is what to believe in regards to what security level you get for small ecc key sizes. The second is that I expect it will take quite some effort to do sliding window ecc exponentiation which is as well tuned as gmp's modexp (but maybe that code can be borrowed from other libraries).
I realize I'm sounding quite a bit negative. I'll be more positive if I get some clear answers to the above issues (which spec to implement, patents situation, ecc usecases, expected performance); as I said I'm not very familiar with ecc details.
Regards, /Niels