ec-info: Better checking of embedding degrees.

Replace the rather cheap embedding degree check with a more
sophisticated analysis.

  * Use the new key-size conversions from keysz-conv.c to determine a
    suitable embedding degree.

  * Following L. Hitt's paper, we ensure that no field with the same
    characteristic as the curve field is sufficiently small to cause
    concern; the old algorithm just checked extensions of the curve
    field, which can miss the smallest possible target field.

  * This involves a rather fancy algorithm which partially factors the
    curve order r - 1, making use of the new prime iteration code.

Still to do on this:

  * Work out how to identify curves where pairings will help an attacker
    solve the DDH problem.

  * Provide a mechanism for passing parameters to checking functions.
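
The gap between checking only extensions of the curve field and checking every field of the same characteristic can be shown with a short sketch. This is an added example, not the code from this commit: the function names, the `bound` parameter (the largest degree over the prime field considered too small) and the toy values p = 2, m = 3, r = 127 are assumptions constructed for illustration and are not real curve parameters.

```python
def small_primes(bound):
    """Primes <= bound (simple sieve)."""
    sieve = bytearray([1]) * (bound + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            for j in range(i * i, bound + 1, i):
                sieve[j] = 0
    return [i for i, flag in enumerate(sieve) if flag]

def order_if_small(a, r, bound):
    """Order of a modulo the prime r if it is <= bound, else None.

    Only the bound-smooth part of r - 1 is factored: an order <= bound
    has no prime factor > bound, so it must divide that smooth part.
    """
    n, s, primes = r - 1, 1, []
    for l in small_primes(bound):
        if n % l == 0:
            primes.append(l)
            while n % l == 0:
                n //= l
                s *= l
    if pow(a, s, r) != 1:
        return None              # the order has a prime factor > bound
    for l in primes:             # strip primes while a^(s/l) is still 1
        while s % l == 0 and pow(a, s // l, r) == 1:
            s //= l
    return s if s <= bound else None

def naive_extension_degree(p, m, r, limit):
    """Check only extensions of the curve field F_q, q = p^m: find the
    smallest k <= limit with r | q^k - 1 and return the degree k*m over F_p."""
    q, x = pow(p, m, r), 1
    for k in range(1, limit + 1):
        x = x * q % r
        if x == 1:
            return k * m
    return None

if __name__ == "__main__":
    p, m, r, bound = 2, 3, 127, 20   # constructed toy values
    # Extensions of F_8 only: the target field looks like F_{2^21}.
    print("degree via extensions of F_q:", naive_extension_degree(p, m, r, bound))
    # Any field of characteristic 2: F_{2^7} already contains the
    # r-th roots of unity, which is within the bound of 20.
    print("smallest degree over F_p:   ", order_if_small(p, r, bound))
```

With these values the extension-only view reports degree 21, which clears a bound of 20, while the order of p modulo r is 7 and does not.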