NSS¶

Version: 3.94
Repository: https://hg.mozilla.org/projects/nss
Docs:

Primitives¶

ECDH, ECDSA (only standard curves P-256, P-384, P-521), also x25519.

Two ECMethods:

Several ECGroups:

The ECMethods override the scalarmult of the ECGroups in:

ec_NewKey via ec_get_method_from_name and then calling the method.mul.
EC_ValidatePublicKey via ec_get_method_from_name and then calling the method.validate.
ECDH_Derive via ec_get_method_from_name and then calling the method.mul.
ECDSA_SignDigest and ECDSA_SignDigestWithSeed via ec_SignDigestWithSeed, then ec_get_method_from_name and then calling the method.mul.

KeyGen:

Short-Weierstrass
Fixed Window (width = 4)? points to https://eprint.iacr.org/2013/816.pdf? via ec_secp256r1_pt_mul -> (Hacl*) Hacl_P256_dh_initiator -> point_mul_g
projective-3 coords.
add-2015-rcb, dbl-2015-rcb-3

Derive:

Sign:

Verify:

KeyGen:

Short-Weierstrass
Comb from ecckiila: EC_NewKeyFromSeed -> ec_NewKey -> ec_points_mul -> ECPoints_mul -> ecgroup.points_mul -> point_mul_two_secp384r1_wrap -> point_mul_g_secp384r1_wrap -> point_mul_g_secp384r1 -> fixed_smul_cmb.
projective-3 coords.
dbl-2015-rcb-3, madd-2015-rcb-3 also add-2015-rcb in point_add_proj.

Derive:

Short-Weierstrass
Regular Window NAF (width = 5) from ecckiila: ECDH_Derive -> ec_points_mul -> ECPoints_mul -> ecgroup.points_mul -> point_mul_secp384r1_wrap -> point_mul_secp384r1 -> var_smul_rwnaf.
projective-3 coords.
dbl-2015-rcb-3, add-2015-rcb.

Sign:

Verify:

Short-Weierstrass
Interleaved multi-scalar window NAF (width = 5) with Shamir’s trick from ecckiila: ECDSA_SignDigest -> ECDSA_SignDigestWithSeed -> ec_SignDigestWithSeed -> ec_points_mul -> ECPoints_mul -> ecgroup.points_mul -> point_mul_two_secp384r1_wrap -> point_mul_two_secp384r1 -> var_smul_wnaf_two
projective-3 coords.
dbl-2015-rcb-3, madd-2015-rcb-3 also add-2015-rcb in point_add_proj.

Same as P-384.

KeyGen:

Derive: