Curve448

From HandWiki
(Redirected from X448)
Short description: Elliptic curve used in Internet cryptography

In cryptography, Curve448 or Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security and designed for use with the elliptic-curve Diffie–Hellman (ECDH) key agreement scheme.

History

Developed by Mike Hamburg of Rambus Cryptography Research, Curve448 allows fast performance compared with other proposed curves with comparable security.[1] The reference implementation is available under an MIT license.[2] The curve was favored by the Internet Research Task Force Crypto Forum Research Group (IRTF CFRG) for inclusion in Transport Layer Security (TLS) standards along with Curve25519.

In 2017, NIST announced that Curve25519 and Curve448 would be added to "Special Publication 800-186", which specifies approved elliptic curves for use by the US Federal Government,[3] and in 2023 it was approved for use in FIPS 186-5.[4] Both are described in RFC 7748. The name X448 is used for the DH function. X448 support was added to OpenSSL in version 1.1.1 (released on 11 September 2018).[5]

Mathematical properties

Hamburg chose the Solinas trinomial prime base p = 2448 − 2224 − 1, calling it a "Goldilocks" prime "because its form defines the golden ratio φ ≡ 2224". The main advantage of a golden-ratio prime is fast Karatsuba multiplication.[6]

The curve Hamburg used is an untwisted Edwards curve Ed: y2 + x2 = 1 − 39081x2y2. The constant d = −39081 was chosen as the smallest absolute value that had the required mathematical properties, thus a nothing-up-my-sleeve number.

Curve448 is constructed such that it avoids many potential implementation pitfalls.[7]

See also

References

  1. Hamburg, Mike (2015). "Ed448-Goldilocks, a new elliptic curve". Cryptology ePrint Archive. https://eprint.iacr.org/2015/625. 
  2. "SourceForge.net: Ed448-Goldilocks". https://ed448goldilocks.sourceforge.net/. 
  3. "Transition Plans for Key Establishment Schemes". 31 October 2017. https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes. 
  4. Moody, Dustin (2023-02-03). FIPS 186-5: Digital Signature Standard (DSS) (Report). NIST. doi:10.6028/NIST.FIPS.186-5. https://csrc.nist.gov/publications/detail/fips/186/5/final. Retrieved 2023-03-04. 
  5. OpenSSL Foundation (2023-09-11). "/news/openssl-1.1.1-notes.html". https://www.openssl.org/news/openssl-1.1.1-notes.html. 
  6. Sasdrich, Pascal; Géneysu, Tim (2017). "Cryptography for next generation TLS: Implementing the RFC 7748 elliptic Curve448 cryptosystem in hardware". 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC). doi:10.1145/3061639.3062222. 
  7. "SafeCurves: Introduction". https://safecurves.cr.yp.to. Retrieved 2018-02-23. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Curve448&oldid=3384198"