[curves] Curve19119: A legacy-level little brother of Curve25519

Björn Haase bjoern.m.haase at web.de
Thu Jul 27 09:27:31 PDT 2017


Hello,

Folks interested in a legacy-level high-efficiency curve targeting the 
~94 bit security level might like to have a look at Curve19119 and it's 
associated DH protocol X19119. Curve19119 and X19119 originally have 
been developed for use with our variant of the PAKE protocol PACE. We 
developed Curve19119 in order to get better responsiveness in our PAKE 
protocol implementation in an explosion protected setting with severe 
power constraints. Originally we did fear that Curve25519 might be too 
slow.  A preprint of our CHES2017 paper giving the curve parameters and 
the derivation process (as a side-aspect of the optimization for PACE) 
is available at

"*Making Password Authenticated Key Exchange Suitable For 
Resource-Constrained Industrial Control Devices"*
https://eprint.iacr.org/2017/562

We observe a speedup factor of roughly 1.9 in comparison to our X25519 
implementation on a Cortex M0+ microcontroller.

Yours,

Björn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20170727/29644693/attachment.html>


More information about the Curves mailing list