On Fri, Feb 20, 2015 at 06:50:17AM +0000, Viktor Dukhovni wrote:
[ Top post: So should the title and text of 4.4 be changed? ]
> On Wed, Feb 18, 2015 at 09:19:32PM -0700, Peter Saint-Andre - &yet wrote:
>
> > >Section 4.4. "Modular vs. Elliptic Curve"
> > >
> > >I think that "finite field" or "modp" are more common than "modular".
> >
> > I have been told that elliptic curves are also finite fields, but I am not a
> > cryptographer.
>
> Elliptic Curves are not Finite Fields. Elliptic curves can be
> defined over finite fields, but the points on the curve constitute
> only an Abelian (commutative) group, not a field.
>
> In fact, the phrase "modular" would be unfortunate in this context,
> because with Elliptic Curves in takes on a completely different
> meaning (see Wikipedia entry on the "Modularity Theorem").
>
> So I support a change of terminology to "modp", since with DHE only
> the fields $F_p$ with $p$ a prime are used, and in fact the DH
> algorithm only uses the multiplicative (mod p) group structure of
> the non-zero elements of the field (which form an Abelian group
> with p-1 elements).
>
> With modp DHE and with Elliptic Curves one looks for the number of
> elements in the resulting group to be a small multiple of a prime
> $q$, and then an element (generator or base point) is chosen which
> generates a subgroup of size $q$.
>
> With DHE typically that multiple (or "cofactor") is 2, and primes
> $p$ where $p-1$ is equal to $2q$ with $q$ also prime are called
> "safe", with $q$ called a Sophie-Germain prime. If $q$ is 11 modulo
> 12 (or equivalently $p$ is 23 mod 24) then the generator can be
> chosen to be 2. So DHE in practice uses exactly this type of prime.
>
> With Elliptic Curves the "cofactor" is often 4 or 8.
--
Viktor.
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
