libgcrypt

Version: 1.10.2

Repository: https://git.gnupg.org/

Docs: https://gnupg.org/documentation/manuals/gcrypt/

Primitives

Supports ECDH, X25519 and EdDSA on C25519, X448, Ed25519, Ed448, NIST curves, Brainpool curves and secp256k1. Also supports GOST and SM2 signatures.

ECDH

KeyGen:

• Short-Weierstrass

• Left to right double-and-add-always via gcry_pk_genkey -> _gcry_pk_genkey -> generate -> ecc_generate -> nist_generate_key -> _gcry_mpi_ec_mul_point.

• Jacobian coords

• Unknown formulas: add-libgcrypt-v1102, dbl-libgcrypt-v1102,

Derive:

• Same as Keygen via gcry_pk_encrypt -> _gcry_pk_encrypt -> generate -> ecc_encrypt_raw -> _gcry_mpi_ec_mul_point.

ECDSA

Keygen:

• Same as ECDH.

Sign:

• Same as Keygen via gcry_ecc_ecdsa_sign -> _gcry_ecc_ecdsa_sign -> _gcry_mpi_ec_mul_point.

Verify:

• Two separate scalar multiplications via gcry_ecc_ecdsa_verify -> _gcry_ecc_ecdsa_verify.

EdDSA

Keygen:

• Twisted-Edwards

• Left to right double-and-add-always via gcry_pk_genkey -> _gcry_pk_genkey -> generate -> ecc_generate -> _gcry_ecc_eddsa_genkey -> _gcry_mpi_ec_mul_point.

• Projective, dbl-2008-bbjlp and add-2008-bbjlp

Sign:

• Same as Keygen via gcry_ecc_eddsa_sign -> _gcry_ecc_eddsa_sign -> _gcry_mpi_ec_mul_point.

Verify:

• Two separate scalar multiplications via gcry_ecc_eddsa_verify -> _gcry_ecc_eddsa_verify.

X25519

KeyGen:

• Montgomery

• Montgomery ladder via gcry_pk_genkey -> _gcry_pk_genkey -> generate -> ecc_generate -> nist_generate_key -> _gcry_mpi_ec_mul_point.

• xz coordinates with a shuffled version of ladd-1987-m-3

Derive:

• Same as Keygen via gcry_pk_encrypt -> _gcry_pk_encrypt -> generate -> ecc_encrypt_raw -> _gcry_mpi_ec_mul_point.