IETF Logo Mail Archive

[Cfrg] For your information: all curve parameters standardized in Russia

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Fri, 30 January 2015 16:42 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A0301A86FC for <cfrg@ietfa.amsl.com>; Fri, 30 Jan 2015 08:42:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yzqi2hlhcXsy for <cfrg@ietfa.amsl.com>; Fri, 30 Jan 2015 08:41:58 -0800 (PST)
Received: from mail-ob0-x22a.google.com (mail-ob0-x22a.google.com [IPv6:2607:f8b0:4003:c01::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7D621A90F2 for <cfrg@irtf.org>; Fri, 30 Jan 2015 08:41:53 -0800 (PST)
Received: by mail-ob0-f170.google.com with SMTP id wp4so24680439obc.1 for <cfrg@irtf.org>; Fri, 30 Jan 2015 08:41:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=uwm/jqhLmFmylFTU9ZMsPMLkfYIpu8f5r4jfrgYPIpw=; b=I/QQHqn9/ljUOdsmXYCAdSk0luA3rh/54g+3YNlIv/NBAtQ3Y+Sq2RsPvCRJNwjFB4 SXfF27gSwMS7bAlz2IRl+pmzmLjYZoksUbBxe1mfeHgHfLkXuH2YPfNFZR7lX2hfU5+D 1jfNxe6uPKa45aNh1lcY51EPP92GX9iAE+siqme0IU8UnitaPwacn8RQ5TjudjG4lQaW w29R5UPan/bj31SdUL8KxSGukVFF/LPqsoXq5pd8UynVlFE2dj3IgOROb6Fps78nUi1q 4Ohnx3jWEXxrV1LM+q8Ft+EcomNt5K/PVt9+56PmxBPeOv1YjcabINA0a1Y9/rdUTxD7 ALbw==
MIME-Version: 1.0
X-Received: by 10.60.118.39 with SMTP id kj7mr4223661oeb.53.1422636113080; Fri, 30 Jan 2015 08:41:53 -0800 (PST)
Received: by 10.182.5.103 with HTTP; Fri, 30 Jan 2015 08:41:53 -0800 (PST)
Date: Fri, 30 Jan 2015 20:41:53 +0400
Message-ID: <CAMr0u6mvq_L1V8SOY5Hhtg-wCybu3r8+UKz3s6HaYFP0xw-34Q@mail.gmail.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="047d7b3a9a842a3b9f050de148ed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/vcNoOpoUKDceBEtgbwPFwjpGT8w>
Subject: [Cfrg] For your information: all curve parameters standardized in Russia
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jan 2015 16:42:03 -0000

Recommendations on elliptic curve parameteres used in Russian national
cryptographic standards

This document describes elliptic curve parameters used in standards like
Russian national digital signature standard GOST R 34.10-2012 ([GOST]) or
VKO key exchange ([VKO]). These parameter sets include two 512-bit
Weierstrass curves, one 512-bit twisted Edwads curve and one 256-bit
Edwards curve. These curves were generated by CryptoPro LLC (
http://www.cryptopro.ru/en) and were in 2013 and 2014 adopted by Technical
Commitee for Standardization "Cryptography and security mechanisms" (TC 26,
http://tc26.ru/en/).

All curves are built on field GF(p), p is prime. Weierstrass curves are
given by equation y^2 = x^3 + ax + b. Twisted Edwards curves are given by
equation eu^2 + v^2 = 1 + du^2v^2, while the birationally equivalent
Weierstrass curve has form y^2 = x^3 + ax + b. We denote base point as P,
x(P), y(P), u(P) and v(P) are corresponding affine Weierstrass and affine
Edwards coordinates of the base point. We denote all curve points number as
m and order of base point as q.

Both proposed Weierstrass curves have cofactor 1, while both twisted
Edwards curves have cofactor 4.

All curves are supported with test vectors set. For a random number k
coordinates for point kP and kP + P are provided.

All the numbers are given in big-endian notation.




id-tc26-gost-3410-12-512-paramSetA

Object identifier: 1.2.643.7.1.2.1.2.1

Type: Weierstrass

p (decimal): 2^512 - 569

p (hexadecimal):
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFDC7

a (decimal): -3 = 2^512 - 572

a (hexadecimal):
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF
 FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFDC4

b (decimal):
12190580024266230156 18942475834009407551 48440647362312522087
72337825397464478540 42341898107432271889 94270390889972216099
47354520590448683948 135300824418144

b (hexadecimal):
E8C2505DEDFC86DD C1BD0B2B6667F1DA 34B82574761CB0E8 79BD081CFD0B6265
EE3CB090F30D2761 4CB4574010DA90DD 862EF9D4EBEE4761 503190785A71C760

q (decimal):
13407807929942597099 57402499820584612747 93658205923933777235
61443721764030073449 23231829058581763649 80496286125565968995
00625279906416653993 875474742293109

q (hexadecimal):
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF
27E69532F48D8911 6FF22B8D4E056060 9B4B38ABFAD2B85D CACDB1411F10B275x(P)
(decimal): 3

x(P) (hexadecimal): 3

y(P) (decimal):
61285671321593683755 50676650534153371826 70880790635313229604
95468664645454726071 19134529221703336921 51640510736902860619
10977477383675719244 66694236795556

y(P) (hexadecimal):
7503CFE87A836AE3 A61B8816E25450E6 CE5E1C93ACF1ABC1 778064FDCBEFA921
DF1626BE4FD036E9 3D75E6A50E3A41E9 8028FE5FC235F5B8 89A589CB5215F2A4



Test samples:

k  (hexadecimal):
F48968530762F881 A2DFA6A41FC8C43A F746739D504A2BBF A4789CBA873FB221
F0F6F73AC8BFA2DC E1E8A38E35F53879 4B8502C2013DD9F3 0ACB8EAFD5C8E3EA

x(kP) (hexadecimal):
3A3E79CC832142D3 8C6E9785E5410A07 6053F82AEA5F202B E34A253A728C48E1
3E54D76C270240A6 AB65BAE9CE5E7EBE 026C3F7F6F1DC5CE 25180EB803560354

y(kP)  (hexadecimal):
2D570573C44AE8B7 86997455F425FC7D 98E6B647E010C946 39AA8CD19ACDF338
5A07E9351444B9BB 68C8B1D57C254AAB 1A718964C07E3720 546E87D3E67F8B17

x(kP + P)  (hexadecimal):
1A873259EE8B3197 5D8A97ED58D443E9 840C07E5953C26D6 9A86F97749BCECA2
5975355365252A65 023E7AEDD2859042 62DFB730EA19073C 65BA6B1E6A824516

y(kP + P)  (hexadecimal):
C0DA167DB2B76856 D7C6B568D9564555 752DD7E66CA98306 DCD289960D295E1E
2051B347658B13F2 38E0C26D43CC1F28 159CCB5897CFD4E2 2875ACC05CEF8FFF



id-tc26-gost-3410-12-512-paramSetB

Object identifier: 1.2.643.7.1.2.1.2.2

Type: Weierstrass

p (decimal): 2^511 + 111

p (hexadecimal)
8000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 000000000000006F

a (decimal): -3 = 2^511+108

a (hexadecimal):
8000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 000000000000006C

b (decimal):
5472517130514047254760 4330712816572741710343 8955376977974794160312
5796549693907036696237 2739527026378575800712 9325424094507949648437
3854264998452887027990

b (hexadecimal):
687D1B459DC84145 7E3E06CF6F5E2517 B97C7D614AF138BC BF85DC806C4B289F
3E965D2DB1416D21 7F8B276FAD1AB69C 50F78BEE1FA3106E FB8CCBC7C5140116

q (decimal):
67039039649712985497 87012499102923063739 68291029619668886178
07218608820150369225 85419853748190383615 06291094774340556751
01483988207171002828 56877776119229

q (hexadecimal):
8000000000000000 0000000000000000 0000000000000000 0000000000000001
49A1EC142565A545 ACFDB77BD9D40CFA 8B996712101BEA0E C6346C54374F25BD

x(P) (decimal):  2

x(P) (hexadecimal):  2

y(P) (decimal):
13910877977955572587 11735874750463328666 72929764755386079434
04349820727624912779 63324668489993185089 36570303349420418056
81819055489680110759 10357787492797
y(P) (hexadecimal):

1A8F7EDA389B094C 2C071E3647A8940F 3C123B697578C213 BE6DD9E6C8EC7335
DCB228FD1EDF4A39 152CBCAAF8C03988 28041055F94CEEEC 7E21340780FE41BD



Test samples:

k (hexadecimal):
FB532A3D6533878D 737A3B17000A8F88 286AF463112218EA 166B3FCE2337B5A1
5BE26FF1BD4F8148 B4549133D2963A2A 0DEB6BC73A73D1A5 5AE84C92BE886A0D

x(kP) (hexadecimal):
68515EB05BBD6280 BBBB0830C640E0B7 911828814A0A190D 3F5E79F75FB52457
6D2FBF6F83234F62 C79795A05EFCC885 49F69A8838183478 3FDF06F186B7FB44

y(kP) (hexadecimal):
53CC3DD4505C59CF 358CE66CA83427A5 622017F5F4CB7213 DC9AC7F770C40354
F735DC8CAB5DED76 4790FE7865823934 04583B13395AC532 F008186846D557AC

x(kP + P) (hexadecimal):
38AA9D504DDF3D4C 10CA3C0061A68D7F 454F802B1AE4ABF5 7B9E9BEB734CE836
BA096CED804CD996 A1A82E048C247C08 2AD368097D95768B D9E2859F8A436CCD

y(kP + P) (hexadecimal):
0E11E1EF44C16FB3 6EC251DEA6E2DF21 6054B2FED5567195 645880F3D6BB81CF
F86867F544C267C2 7F19EA9A3901469A 097ABD90F844B4CB A1FA93B8BB1EE4C8





id-tc26-gost-3410-12-512-paramSetC

Object identifier: 1.2.643.7.1.2.1.2.3

Type: Twisted Edwards

p (decimal): 2^512-569

p (hexadecimal):
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFDC7

a (decimal):
11552207741726624081 38485443175427045341 99909581585365474536
30472753284279856029 01303342173019597777 29124849705609770548
97563749457966985165 428182284278739

a (hexadecimal):
DC9203E514A72187 5485A529D2C722FB 187BC8980EB86664 4DE41C68E1430645
46E861C0E2C9EDD9 2ADE71F46FCF50FF 2AD97F951FDA9F2A 2EB6546F39689BD3

b (decimal):
94676543149742393648 49779893497935997616 54668089364237723598
18687410512156510324 46828994750528267630 60430610161071152105
59552901485771591251 87794668181473

b (hexadecimal):
B4C4EE28CEBC6C2C 8AC12952CF37F16A C7EFB6A9F69F4B57 FFDA2E4F0DE5ADE0
38CBC2FFF719D2C1 8DE0284B8BFEF3B5 2B8CC7A5F5BF0A3C 8D2319A5312557E1

e (decimal): 1

e (hexadecimal): 1

d (decimal):
82913685825403917599 56325599449696250171 73783865124128958599
79405570587036826119 83276933821315724273 2624569794907836022
84025399599007870613 061010570769744

d (hexadecimal):
9E4F5D8C017D8D9F 13A5CF3CDF5BFE4D AB402D54198E31EB DE28A0621050439C
A6B39E0A515C06B3 04E2CE43E79E369E 91A0CFC2BC2A22B4 CA302DBB33EE7550

m (decimal):
13407807929942597099 57402499820584612747 93658205923933777235
61443721764030073448 46347320033739688509 76753928234033665820
58868465127637383742 173859717091252

m (hexadecimal):
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF
26336E91941AAC01 30CEA7FD451D40B3 23B6A79E9DA6849A 5188F3BD1FC08FB4

q (decimal):
33519519824856492748 93506249551461531869 84145514809834443089
03609304410075183621 15868300084349221274 41884820585084164551
47171162819093459355 43464929272813

q (hexadecimal):
3FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF
C98CDBA46506AB00 4C33A9FF5147502C C8EDA9E7A769A126 94623CEF47F023ED

x(P) (decimal):
11883046340949417535 95925361103163743848 61219893577482479635
85015455167053565085 94216113087093762259 67478314599795902458
49590330315393322885 186213222089032

x(P) (hexadecimal):
E2E31EDFC23DE7BD EBE241CE593EF5DE 2295B7A9CBAEF021 D385F7074CEA043A
A27272A7AE602BF2 A7B9033DB9ED3610 C6FB85487EAE97AA C5BC7928C1950148

y(P) (decimal):
12873887912291418762 16321917489924902778 89093549642795610447
04584079894283286935 68863958710113734676 52642378309337858972
90140286858111689735 138773336704015

y(P) (hexadecimal):
F5CE40D95B5EB899 ABBCCFF5911CB857 7939804D6527378B 8C108C3D2090FF9B
E18E2D33E3021ED2 EF32D85822423B63 04F726AA854BAE07 D0396E9A9ADDC40F

u(P) (decimal): 18

u(P) (hexadecimal): 12

v(P) (decimal):
36979017503500364661 95501370680965130892 92544552879410651570
06855305279130383310 15106382234398842797 31477426406170232846
97262362763698985268 28850803907133

v(P) (hexadecimal):
469AF79D1FB1F5E1 6B99592B77A01E2A 0FDFB0D01794368D 9A56117F7B386695
22DD4B650CF789EE BF068C5D139732F0 905622C04B2BAAE7 600303EE73001A3D



Test samples:

k (hexadecimal):
EA83DDED988F108F BA24F34233D6557B 2F969D4817E8CB04 7FB41FDB524806E9
B92AE502D8C52E5F F07115237E493F7E 1B383216D8058713 6339573578FA3DE3

u(kP) (hexadecimal):
9C3EAA7B005837BF 483C76196C98B055 1ECE3165FF185E7D 0D6EB4A7E51210D9
61382150D95B8472 D502CE33A4A5237D 1D670BA840114ADE 3AF6ED0DEA30B412

v(kP) (hexadecimal):
BE5ECA44686520DA D5BD5A211933D143 A3F0D406D3A1B041 0086AB426743BBBF
F116371A1E79EF07 7522667A896C145A AE1D51C9928E39AC 00C75E770772A388

x(kP) (hexadecimal):
5A09D774217E7921 95B13EC2FFCD193B 90D20A8D7089B06E 7D7BCE87F4A98818
D1B0CBAFA30DB19A 143A90D09779DE24 092A0108D1E0C980 97995593E9671664

y(kP)  (hexadecimal):
55FEBCD4B6395EF0 086D358626A85050 8004FB6B0A3AD782 D7B3E40E471B86A2
083FD98CA51F3DC1 F933AEA1D1DDBB18 96A46ED3513297F5 5358785FCB45AB02

u(kP + P) (hexadecimal):
C088D94C6F04AAF7 08ABCFB270186A91 1E551F1A4FC62DFB 55C7A937F6D83DE1
A980ED6F9014E9C0 043023FF973B11D1 4A1653832ED090FA 1141EF25A5C8A8BC

v(kP + P) (hexadecimal):
3CE14FD4D0748C13 C5882EAE9F792DDB 1076A5C1C87461BA 384563A3CD2100C5
3C4073278C68F80D F61E7EDB72EC47D1 637AD937916626E3 1D4BE25A80143D78

x(kP + P) (hexadecimal):
4AFE05204164ABF7 BF5DADE905140098 E50F90750BD6E662 45733BBF15D8AE42
A6C5B59500C6EF2A 57E9ECB6931973C6 4A3D40F7E77D916C BB785532A9131BFC

y(kP + P)  (hexadecimal):
67BD7F91DCB50101 43FDCE932EF40C77 E329CCA0BF9DF48C BA152D05809DF4CC
EF5C1BFF6AE1CDF4 645D7C1912801342 082113E2EC613621 905767764A89A4EB



id-tc26-gost-3410-2012-256-paramSetA

Object identifier: 1.2.643.7.1.2.1.1.1

Type: Twisted Edwards

p (decimal): 2^256-617

p (hexadecimal):
FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFFFFFFFD97

a (decimal):
87789765485885808793 36975129440684117161 45899251934569098559
62166505018127157

a (hexadecimal):
C2173F1513981673 AF4892C23035A27C E25E2013BF95AA33 B22C656F277E7335

b (decimal):
18713751737015403763 89050345731859656045 98677961698302791625
11461744901002515

b (hexadecimal):
295F9BAE7428ED9C CC20E7C359A9D41A 22FCCD9108E17BF7 BA9337A6F8AE9513

e (decimal): 1

e (hexadecimal): 1

d (decimal):
27244141104746059318 34268501164757645998 72687847307680943260
4223414351675387

d (hexadecimal):
0605F6B7C183FA81 578BC39CFAD51813 2B9DF62897009AF7 E522C32D6DC7BFFB

m (decimal):
11579208923731619542 35709850086879078533 54241192369013770048
613635142121435548

m (hexadecimal):
0000000000000001 0000000000000000 0000000000000000 3F63377F21ED98D7
0456BD55B0D8319C

q (decimal):
28948022309329048855 89274625217197696333 85602980922534425121
53408785530358887

q (hexadecimal):
4000000000000000 0000000000000000 0FD8CDDFC87B6635 C115AF556C360C67

x(P) (decimal):
65987350182584560790 30864061958683471210 55451262697593654067
68962453298326056

x(P) (hexadecimal):
91E38443A5E82C0D 880923425712B2BB 658B9196932E02C7 8B2582FE742DAA28

y(P) (decimal):
22855189202984962870 42140250411039929315 22353829081057417499
87405721320435292

y(P) (hexadecimal):
32879423AB1A0375 895786C4BB46E956 5FDE0B5344766740 AF268ADB32322E5C

u(P) (decimal): 13

u(P) (hexadecimal): D

v(P) (decimal):
43779144989398987843 42877916609043640693 41958219151835744542
24403186176950503

v(P) (hexadecimal):
60CA1E32AA475B34 8488C38FAB07649C E7EF8DBE87F22E81 F92B2592DBA300E7



Test samples:

k (hexadecimal):
0439094A02C4E91D AAF8BF692CEB2EC8 E1EA5EEAEB51E48C 901B766FE548EAA7

u(kP) (hexadecimal):
7ABDDE365872ABE2 47A62AC93BBFE343 DDCD97B49BE630D0 3C5E74E34D25E193

v(kP) (hexadecimal):
6E0611FA08751D46 E5FD2A1464A8497A 15F9D67F47CCD3FE 359DA2D5066CF4FC

x(kP) (hexadecimal):
3A1B0D99E0CB1C73 34CF634EC4AB0E65 208D08167289AE09 1AF8B189CA3BEEE2

y(kP)  (hexadecimal):
22EEE1B8BB719560 811642D2ECEED788 FE1789044B3F1A8E B23B325195D8F49D

u(kP + P) (hexadecimal):
07EF9B50A2E069FF 65167925F1BB2F76 BCC1CF7E5F54A202 D67C5BD4586CD50D

v(kP + P) (hexadecimal):
FEC197EDE4FBC845 4E2428FC91F3ECEE 9CA1FDA59DB16A11 35AF8EF8D94E314F

x(kP + P) (hexadecimal):
B245CB80E81BAAB4 D174553FE2C25BF9 19E4228B95A127C5 61B0CF2569718998

y(kP + P)  (hexadecimal):
6CE88393F5EAF62A D6F47A02A05DF44B 12461E3ECD1FDD7A 4C1E4C2FBE31168A




References

[GOST]
GOST R 34.10–2012 "Information technology. Cryptographic data security.
Signature and verification processes of [electronic] digital signature"
Approved and introduced by Decree \#215 of the Federal Agency on Technical
Regulating and Metrology on 07.08.2012
Please, consider also RFC 7091

[VKO]
Using of cryptographic algorithms, implementing standards GOST R 34.10-2012
and GOST R 34.11-2012 (In Russian)
http://tc26.ru/methods/recommendation/ТК26АЛГ.pdf


Best regards,
Stanislav V. Smyshlyaev, Ph.D.,
Head of Information Security Department,
CryptoPro LLC

v2.23.0 | Report a Bug | By Email