On 01/07/2011 04:11 PM, Niels Möller wrote:
> It makes sense to add support for certain elliptic curves or types of curves to nettle. I'm still not quite sure what the applications are; Diffie-Hellman key exchange has been mentioned. Do the most important standards also use them for encryption and signatures (e.g., ElGamal style)? The implementation ought to include an ecc exponentiation primitive that can be used for various applications.
> (BTW, Nettle currently doesn't include any support for ElGamal using the usual modular group. Is that something that would be useful? I try to give higher priority to algorithms that are used in real protocols and applications, and lower priority to more academic constructions.)
OpenSSH 5.7 (due out later this month) will add the use of Elliptic Curve DH and DSA. Interoperability with OpenSSH by ssh clients using nettle would be an excellent real-world scenario.
ElGamal is still widely used for asymmetric OpenPGP encryption. Try scanning the public keyservers for people with ElGamal subkeys (i wish i had some easy way to present statistics from them -- sorry i don't!)
so yes, both EC and ElGamal have very clear real-world (non-academic) usefulness.
> - On the legal side, I'd like to have some clear evidence that the particular curves implemented are unlikely to lead to trouble with known patents, possibly with FSF legal staff or SFLC in the loop. I'm not sure I know the area well enough to provide all needed input to legal staff, though, so I may need help with this part as well.
i'll point the SFLC lawyers at this thread. hopefully they can get in touch.
--dkg