Curve448
   HOME

TheInfoList



OR:

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, Curve448 or Curve448-Goldilocks is an
elliptic curve In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point . An elliptic curve is defined over a field and describes points in , the Cartesian product of with itself. If the ...
potentially offering 224 bits of security and designed for use with the
elliptic-curve Diffie–Hellman Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an Elliptic curve, elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be di ...
(ECDH) key agreement scheme.


History

Developed by Mike Hamburg of
Rambus Rambus Inc. is an American technology company that designs, develops and licenses chip interface technologies and architectures that are used in digital electronics products. The company, founded in 1990, is well known for inventing RDRAM ...
Cryptography Research, Curve448 allows fast performance compared with other proposed curves with comparable security. The
reference implementation In the software development process, a reference implementation (or, less frequently, sample implementation or model implementation) is a program that implements all requirements from a corresponding specification. The reference implementation ...
is available under an
MIT license The MIT License is a permissive software license originating at the Massachusetts Institute of Technology (MIT) in the late 1980s. As a permissive license, it puts very few restrictions on reuse and therefore has high license compatibility. Unl ...
. The curve was favored by the
Internet Research Task Force The Internet Research Task Force (IRTF) is an organization, overseen by the Internet Architecture Board, that focuses on longer-term research issues related to the Internet. A parallel organization, the Internet Engineering Task Force (IETF), foc ...
Crypto Forum Research Group (IRTF CFRG) for inclusion in
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...
(TLS) standards along with Curve25519. In 2017, NIST announced that Curve25519 and Curve448 would be added to "Special Publication 800-186", which specifies approved
elliptic curves In mathematics, an elliptic curve is a Smoothness, smooth, Projective variety, projective, algebraic curve of Genus of an algebraic curve, genus one, on which there is a specified point . An elliptic curve is defined over a field (mathematics), ...
for use by the
US Federal Government The Federal Government of the United States of America (U.S. federal government or U.S. government) is the national government of the United States. The U.S. federal government is composed of three distinct branches: legislative, execut ...
, and in 2023 it was approved for use in FIPS 186-5. Both are described in . The name X448 is used for the DH function. X448 support was added to
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS web ...
in version 1.1.1 (released on 11 September 2018).


Mathematical properties

Hamburg chose the Solinas trinomial prime base ''p'' = 2448 − 2224 − 1, calling it a "Goldilocks" prime "because its form defines the golden ratio ''φ'' ≡ 2224". The main advantage of a golden-ratio prime is fast Karatsuba multiplication. The curve Hamburg used is an untwisted Edwards curve E''d'': . The constant ''d'' = −39081 was chosen as the smallest absolute value that had the required mathematical properties, thus a
nothing-up-my-sleeve number In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need random ...
. Curve448 is constructed such that it avoids many potential
implementation Implementation is the realization of an application, execution of a plan, idea, scientific modelling, model, design, specification, Standardization, standard, algorithm, policy, or the Management, administration or management of a process or Goal ...
pitfalls.


See also

*
Poly1305 Poly1305 is a universal hash family designed by Daniel J. Bernstein in 2002 for use in cryptography. As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a sec ...


References

{{Cryptography public-key Elliptic curves