P256-cortex-ecdh

Key decompression

Open met-nikita opened this issue 1 year ago • 1 comments

Hi Emil,

Thank you for your work, the performance is great on Cortex-M0, the best I have seen so far.

I was wondering however if there's an easy way to implement public key decompression using internal library functions?

met-nikita, Jun 26 '24 07:06

Thanks!

Public key decompression for Cortex-M0 could be implemented by taking the code from here: https://github.com/Emill/P256-Cortex-M4/blob/ecd3ec2222fc9e18b6b44c86bb7183971a2041fc/p256-cortex-m4-asm-keil.s#L2505 and adapting it for Thumb-1. Alternatively, the field arithmetic functions can be exported to be called from C code (after creating wrappers that push and pop r4-r11,lr to the stack to match the calling convention), and the decompression can then be implemented in C code.

Note that per the curve equation:

y^2 = x^3 - 3x + b (mod p)

where b is a constant. Therefore, a solution to the above equation when solving for y is:

y = ±sqrt(x^3 - 3x + b) (mod p)

Thankfully, in ECDH shared secret calculation, we ignore the resulting y coordinate and hence the sign, so it doesn't matter if you pick the negative or the positive solution – you will get the same shared secret anyway. That is, you only need the x coordinate of the public key.

Let me know if you need assistance with the above.

Emill, Jun 26 '24 22:06