You wrote:
Nikos Mavrogiannopoulos nmav@gnutls.org writes:
It seems it is being pushed forward and openssh even uses it by default now. There are implementations like [0] that nettle could take advantage to use that curve, but what I'm worried about is that the current interfaces to use this curve provide no agility.
I think you're more familier with its uses than I am. I'm thinking that it would be nice to have a
struct ecc_curve nettle_curve25519;
with the same operations (ecc_point_mul, etc), but maybe a very different implementation underneath.
If that is implementable, and sufficient to do ECDH, I think this would be nice. Is there any generic (EC)DH interface in nettle? Maybe having one would be useful, although maybe the EC math operations in different curves is sufficient.
Is that enough? It's not clear to me how people do signatures with curve25519, if that's plain ecdsa over a new curve, or something more or less different?
There are multiple options, see Ed25519 for a new signing system EdDSA. It has some nicer properties than ECDSA but it is also a bit hardcoded to that curve. http://ed25519.cr.yp.to/
I don't think it makes sense to add anything about signing in nettle for new curves until there are practical use cases. Things are changing quickly in this space.
/Simon