BoringSSL ========= | Version: ``bfa8369`` (commit bfa8369) | Repository: https://github.com/google/boringssl/ | Docs: https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html Primitives ---------- Supports P-224, P-256, P-384 and P-521. Also Curve25519. Uses fiat-crypto for the SECP curve field arithmetic and x25519. P-224 ^^^^^ - Short-Weierstrass - `Comb `__ via ``mul_base -> ec_GFp_nistp224_point_mul_base``. `Fixed Window (signed, Booth) (width=5) `__ via ``mul -> ec_GFp_nistp224_point_mul``. - `Jacobian `__, - Formulas unknown: `add-boringssl-p224 `__, `dbl-boringssl-p224 `__. P-256 ^^^^^ - Short-Weierstrass - `Comb `__ via ``mul_base -> ec_GFp_nistp256_point_mul_base``. `Fixed Window (signed, Booth) (width=5) `__ via ``mul -> ec_GFp_nistp256_point_mul``. - `Jacobian-3 `__, - `add-2007-bl `__, `dbl-2001-b `__ P-384 ^^^^^ - Uses defaults (described below). P-521 ^^^^^ - Uses defaults (described below). ECDH ^^^^ KeyGen: - Short-Weierstrass - ``EC_KEY_generate_key -> ec_point_mul_scalar_base -> meth.mul_base``. Default: `Fixed Window `__, via ``ec_GFp_mont_mul_base -> ec_GFp_mont_mul``. - `Jacobian `__ - `add-2007-bl `__, `dbl-2001-b `__ Derive: - Short-Weierstrass - ``ECDH_compute_key -> ec_point_mul_scalar -> meth.mul``. Default: `Fixed Window `__, via ``ec_GFp_mont_mul``. - `Jacobian `__ - `add-2007-bl `__, `dbl-2001-b `__ ECDSA ^^^^^ KeyGen: - Short-Weierstrass - ``EC_KEY_generate_key -> ec_point_mul_scalar_base -> meth.mul_base``. Default: `Fixed Window `__, via ``ec_GFp_mont_mul``. - `Jacobian `__ - `add-2007-bl `__, `dbl-2001-b `__ Sign: - Short-Weierstrass - ``ECDSA_sign -> ECDSA_do_sign -> ecdsa_sign_impl -> ec_point_mul_scalar_base -> meth.mul_base``. Default: `Fixed Window `__, via ``ec_GFp_mont_mul``. - `Jacobian `__ - `add-2007-bl `__, `dbl-2001-b `__ Verify: - Short-Weierstrass - ``ECDSA_verify -> ECDSA_do_verify -> ecdsa_do_verify_no_self_test -> ec_point_mul_scalar_public -> meth.mul_public or meth.mul_public_batch``. Default: `Window NAF (w=4) based interleaving multi-exponentiation method `__, via ``ec_GFp_mont_mul_public_batch``. - `Jacobian `__ - `add-2007-bl `__, `dbl-2001-b `__ X25519 ^^^^^^ KeyGen: - Twisted-Edwards - ?? via ``X25519_keypair -> X25519_public_from_private -> x25519_ge_scalarmult_base``. - Has `multiple coordinate systems `__: projective, extended, completed, Duif - Unknown formulas. `dbl `__, `add `__ Derive: - Montgomery - Ladder via ``X25519 -> x25519_scalar_mult -> x25519_NEON/x25519_scalar_mult_adx/x25519_scalar_mult_generic`` - xz. - Unknown formula: `ladd-boringssl-x25519 `__ from fiat-crypto. Ed25519 ^^^^^^^ Based on ref10 of Ed25519. KeyGen: - Twisted-Edwards - ?? via ``ED25519_keypair -> ED25519_keypair_from_seed -> x25519_ge_scalarmult_base``. - Has `multiple coordinate systems `__: projective, extended, completed, Duif - Unknown formulas. `dbl `__, `add `__ Sign: - Twisted-Edwards - ?? via ``ED25519_sign -> ED25519_keypair_from_seed -> x25519_ge_scalarmult_base``. - Has `multiple coordinate systems `__: projective, extended, completed, Duif - Unknown formulas. `dbl `__, `add `__ Verify: - Twisted-Edwards - Sliding window (signed) with interleaving? via ``ED25519_verify -> ge_double_scalarmult_vartime``. - Has `multiple coordinate systems `__: projective, extended, completed, Duif - Unknown formulas. `dbl `__, `add `__