GOST ECC pubkey

NIIBE Yutaka gniibe at fsij.org
Fri Sep 20 07:07:10 CEST 2013

On 2013-09-19 at 22:40 +0400, Dmitry Eremin-Solenikov wrote:
> I'm currently looking into implementing GOST R 34.10 digital signatures.
> Basically they are Weierstrass elliptic curves. Two main differences from ECDSA:
> 1) Different equations to calculate r and s.
> 2) Different set of curves defined in standards/RFCs.
> What would you recommend me as the user interface for this pubkey?
> Would just a flag (like it is done for EdDSA) be enough? Should I add new s-exp
> type?

I read through the document, draft-dolmatov-gost34102012-00.

IIUC, its domain parameters consist of: (p, a, b, m, q, P).

   p: the prime.
   a, b: coefficients which define the curve E.
   m: the order of the curve
   q: order of cyclic subgroup of elliptic curve points group
   P: something like base point where q * P = O

Thus, I think that we need to extend the structure ecc_domain_parms_t
to include "q", at first.

To represent as SEXP, we need to use a character other than "q" for
the order of cyclic subgroup, as it is used for Q already, as the
public key.

More information about the Gcrypt-devel mailing list