Technical Summary
This document specifies how to represent Montgomery curves and
(twisted) Edwards curves as curves in short-Weierstrass form and
illustrates how this can be used to carry out elliptic curve
computations using existing implementations of, e.g., ECDSA and ECDH
using NIST prime curves. We also provide extensive background
material that may be useful for implementers of elliptic curve
cryptography.
Working Group Summary
Several security people in the working group explicitly highlighted
their interest in this draft. This included Tero Kivinen, Hannes Tschofenig,
and Carsten Bormann. Since this draft is crypto-heavy only a few working
group members were able to provide detailed reviews. Nikolas Rösener
has reviewed and implemented the draft. No objections were raised
against this draft at any stage in the working group.
Document Quality
There is one known open implementation of the draft which is also
noted in section 7. The document was sent to the Crypto Review Panel
for review through Alexey Melnikov. Stanislav Smyshlyaev reviewed the
entire document and the formulae. All the minor comments from
Stanislav and his team were addressed by the author.
Personnel
The document shepherd is Mohit Sethi.
The Area Director is Erik Kline.
IESG Note
The COSE registrations are currently not resolved. Some discussion
by folks with knowledge/experience in this area would be welcome.
IANA Note
This document requests:
* 2 PKIX/CMS code points
* several JOSE registrations
* several COSE registrations
At this time, the state of the COSE registrations is a matter of some
discussion.