[PATCH 3/3] Add support for GOST R 34.10-2001/-2012 signatures
dbaryshkov at gmail.com
Thu Oct 3 21:56:22 CEST 2013
On Thu, Oct 3, 2013 at 5:11 PM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> If q = g and P = G for a GOST curve, there is nothing to distinguish
> ECC_DIALECT_STANDARD and ECC_DIALECT_GOST_R34_10.
> If q < g and P /= G for a GOST curve, we need to distinguish dialects.
> If we have optional fields and let GOST curve has g and G too, we can
> compute ECDSA signature with GOST curve.
Hmm. It's my fault. In the standard itself, there are two distinct values:
m (the group order) and q (the subgroup order). However two facts
distracted me. First, in the both curves defined in standard m = q.
Second, rfc4357 (which supplements standards with exact parameters,
values, etc) defines only q parameter for the curves that are used/defined.
It looks like there is a possibility for m and q to differ. Thank you very much
for pointing me to it! Even if we verify that queues defined in rfc4357 use m=q,
there is absolutely guarantee that in future curves will follow.
So it really looks like a separate domain. At least from the 'pure
I like the Werner's idea of DIALECT_SUBGROUP. It defines the curve parameters
and still leaves enough space for possible standards/curves which decide to use
subgroup instead of full group.
Werner, would you take first two patches in this serie?
With best wishes
More information about the Gcrypt-devel