BearSSL

Version: v0.6
Repository: https://bearssl.org/gitweb/?p=BearSSL;a=summary
Docs: https://bearssl.org/index.html

Primitives

Supports SECG prime field curves, as well as Brainpool and Curve25519, Curve448. Has API functions for ECDSA, but does ECDH only implicitly in its TLS implementation (no public API exposed). Unclear whether Ed25519 is supported.

ECDH

KeyGen:

  • Short-Weierstrass

  • (width=2) Fixed Window via br_ec_compute_pub -> impl.mulgen -> impl.mul, but (width=4) Fixed Window via br_ec_compute_pub -> impl.mulgen for special (P-256) curves.

  • Jacobian coordinates

  • Unknown formulas: add-bearssl-v06, dbl-bearssl-v06,

Derive:

  • Short-Weierstrass

  • (width=2) Fixed Window via impl.mul.

  • Coordinates and formulas same as in KeyGen.

ECDSA

KeyGen:

  • Same as ECDH.

Sign:

  • Short-Weierstrass

  • (width=2) Fixed Window via br_ecdsa_*_sign_raw -> impl.mulgen -> impl.mul, but (width=4) Fixed Window via br_ecdsa_*_sign_raw -> impl.mulgen for special (P-256) curves.

  • Coordinates and formulas same as in KeyGen.

Verify:

  • Short-Weierstrass

  • Simple scalarmult then add via br_ecdsa_*_verify_raw -> impl.muladd -> impl.mul + add

  • Coordinates and formulas same as in KeyGen.

x25519

KeyGen:

  • Montgomery

  • Montgomery ladder via br_ec_compute_pub -> impl.mulgen -> impl.mul.

  • xz coordinates

  • ladd-rfc7748

Derive:

  • Same as KeyGen.