Expand description
NIST P-224 Elliptic Curve Primitives
This module implements the NIST P-224 elliptic curve operations in constant time. The curve equation is y² = x³ - 3x + b over the prime field F_p where:
- p = 2^224 - 2^96 + 1 (NIST P-224 prime)
- The curve order n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D
All operations are implemented to be constant-time to prevent timing attacks. The implementation uses:
- Specialized reduction for the P-224 prime
- Jacobian projective coordinates for efficient point operations
- Binary scalar multiplication with constant-time point selection
Structs§
- Field
Element - P-224 field element representing values in F_p
- Point
- P-224 elliptic curve point in affine coordinates (x, y)
- Scalar
- P-224 scalar value for use in elliptic curve operations
Enums§
- Point
Format - Format of a serialized elliptic curve point
Constants§
- P224_
CIPHERTEXT_ SIZE - Size of the complete KEM ciphertext: compressed point + authentication tag
- P224_
FIELD_ ELEMENT_ SIZE - Size of a P-224 field element in bytes (28 bytes = 224 bits)
- P224_
KEM_ SHARED_ SECRET_ KDF_ OUTPUT_ SIZE - Size of the KDF output for P-224 ECDH-KEM shared secret derivation
- P224_
POINT_ COMPRESSED_ SIZE - Size of a compressed P-224 point in bytes: format byte (0x02/0x03) + x-coordinate
- P224_
POINT_ UNCOMPRESSED_ SIZE - Size of an uncompressed P-224 point in bytes: format byte (0x04) + x-coordinate + y-coordinate
- P224_
SCALAR_ SIZE - Size of a P-224 scalar in bytes (28 bytes = 224 bits)
- P224_
TAG_ SIZE - Size of the authentication tag for KEM ciphertext
Functions§
- base_
point_ g - Get the standard base point G of the P-224 curve
- generate_
keypair - Generate a cryptographically secure ECDH keypair
- kdf_
hkdf_ sha256_ for_ ecdh_ kem - Key derivation function for ECDH shared secret using HKDF-SHA256
- scalar_
mult - General scalar multiplication: compute scalar * point
- scalar_
mult_ base_ g - Scalar multiplication with the base point: scalar * G