{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T10:40:38Z","timestamp":1777372838671,"version":"3.51.4"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319271514","type":"print"},{"value":"9783319271521","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-27152-1_6","type":"book-chapter","created":{"date-parts":[[2015,12,8]],"date-time":"2015-12-08T23:55:10Z","timestamp":1449618910000},"page":"109-139","source":"Crossref","is-referenced-by-count":12,"title":["How to Manipulate Curve Standards: A White Paper for the Black Hat http:\/\/bada55.cr.yp.to"],"prefix":"10.1007","author":[{"given":"Daniel 
J.","family":"Bernstein","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tung","family":"Chou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chitchanok","family":"Chuengsatiansup","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andreas","family":"H\u00fclsing","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eran","family":"Lambooij","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tanja","family":"Lange","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruben","family":"Niederhagen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christine","family":"van Vredendaal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,12,9]]},"reference":[{"key":"6_CR1","unstructured":"Accredited Standards Committee X9: American national standard X9.62-1999, public key cryptography for the financial services industry: the elliptic curve digital signature algorithm (ECDSA) (1999)"},{"key":"6_CR2","unstructured":"Accredited Standards Committee X9: American national standard X9.63-2001, public key cryptography for the financial services industry: key agreement and key transport using elliptic curve cryptography (2001)"},{"key":"6_CR3","unstructured":"Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information: Publication d\u2019un param\u00e9trage de courbe elliptique visant des applications de passeport \u00e9lectronique et de l\u2019administration \u00e9lectronique fran\u00e7aise (2011)"},{"key":"6_CR4","unstructured":"Aumasson, J.P.: Generator of \u201cnothing-up-my-sleeve\" (NUMS) constants 
(2015). \n                      https:\/\/github.com\/veorq\/numsgen\/blob\/master\/numsgen.py"},{"issue":"216","key":"6_CR5","doi-asserted-by":"publisher","first-page":"1701","DOI":"10.1090\/S0025-5718-96-00775-2","volume":"65","author":"E Bach","year":"1996","unstructured":"Bach, E., Peralta, R.: Asymptotic semismoothness probabilities. Math. Comput. 65(216), 1701\u20131715 (1996)","journal-title":"Math. Comput."},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11745853_14","volume-title":"Public Key Cryptography - PKC 2006","author":"DJ Bernstein","year":"2006","unstructured":"Bernstein, D.J.: Curve25519: New Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207\u2013228. Springer, Heidelberg (2006)"},{"key":"6_CR7","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/s13389-012-0027-1","volume":"2","author":"DJ Bernstein","year":"2012","unstructured":"Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.Y.: High-speed high-security signatures. J. Crypt. Eng. 2, 77\u201389 (2012)","journal-title":"J. Crypt. Eng."},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 967\u2013980. ACM (2013)","DOI":"10.1145\/2508859.2516734"},{"key":"6_CR9","unstructured":"Bernstein, D.J., Lange, T.: SafeCurves: choosing safe curves for elliptic-curve cryptography (2015). \n                      http:\/\/safecurves.cr.yp.to\n                      \n                    . 
Accessed 21 May 2015"},{"key":"6_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-642-33027-8_19","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2012","author":"DJ Bernstein","year":"2012","unstructured":"Bernstein, D.J., Schwabe, P.: NEON Crypto. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 320\u2013339. Springer, Heidelberg (2012). \n                      http:\/\/dx.doi.org\/10.1007\/9783642330278"},{"key":"6_CR11","unstructured":"Black, B., Bos, J.W., Costello, C., Langley, A., Longa, P., Naehrig, M.: Rigid parameter generation for elliptic curve cryptography (2015). \n                      https:\/\/tools.ietf.org\/html\/draft-black-rpgecc-01"},{"key":"6_CR12","unstructured":"Black, B., Bos, J.W., Costello, C., Longa, P., Naehrig, M.: Elliptic curve cryptography (ECC) nothing up my sleeve (NUMS) curves and curve generation (2014). \n                      https:\/\/tools.ietf.org\/html\/draft-black-numscurves-00"},{"key":"6_CR13","doi-asserted-by":"publisher","unstructured":"Bos, J.W., Costello, C., Longa, P., Naehrig, M.: Selecting elliptic curves for cryptography: an efficiency and security analysis. J. Cryptographic Eng. 1\u201328 (2015). doi:\n                      10.1007\/s13389-015-0097-y","DOI":"10.1007\/s13389-015-0097-y"},{"key":"6_CR14","unstructured":"ECC Brainpool: ECC Brainpool standard curves and curve generation (2005). \n                      http:\/\/www.ecc-brainpool.org\/download\/Domain-parameters.pdf"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/3-540-45664-3_24","volume-title":"Public Key Cryptography","author":"E Brier","year":"2002","unstructured":"Brier, E., Joye, M.: Weierstra\u00df elliptic curves and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335\u2013345. 
Springer, Heidelberg (2002)"},{"key":"6_CR16","unstructured":"Certicom Research: SEC 1: Elliptic curve cryptography, version 1.0 (2000)"},{"key":"6_CR17","unstructured":"Certicom Research: SEC 2: Recommended elliptic curve domain parameters, version 1.0 (2000)"},{"key":"6_CR18","unstructured":"Certicom Research: SEC 1: Elliptic curve cryptography, version 2.0 (2009)"},{"key":"6_CR19","unstructured":"Certicom Research: SEC 2: Recommended elliptic curve domain parameters, version 2.0 (2010)"},{"key":"6_CR20","unstructured":"Checkoway, S., Fredrikson, M., Niederhagen, R., Everspaugh, A., Green, M., Lange, T., Ristenpart, T., Bernstein, D.J., Maskiewicz, J., Shacham, H.: On the practical exploitability of Dual EC in TLS implementations. In: 23rd USENIX Security Symposium (USENIX Security 2014). USENIX Association, San Diego (2014)"},{"key":"6_CR21","unstructured":"Chou, T.: Sandy2x: fastest Curve25519 implementation ever (2015). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/ecc-workshop-2015\/presentations\/session6-chou-tung.pdf"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-642-02384-2_23","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2009","author":"N Costigan","year":"2009","unstructured":"Costigan, N., Schwabe, P.: Fast elliptic-curve cryptography on the Cell Broadband engine. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 368\u2013385. Springer, Heidelberg (2009)"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"D\u00fcll, M., Haase, B., Hinterw\u00e4lder, G., Hutter, M., Paar, C., S\u00e1nchez, A.H., Schwabe, P.: High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers. Designs, Codes and Cryptography (to appear, 2015). 
\n                      https:\/\/cryptojedi.org\/papers\/mu25519-20150417.pdf","DOI":"10.1007\/s10623-015-0087-1"},{"key":"6_CR24","unstructured":"Flori, J.P., Pl\u00fbt, J., Reinhard, J.R., Eker\u00e5, M.: Diversity and transparency for ECC (2015). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/ecc-workshop-2015\/papers\/session4-flori-jean-pierre.pdf"},{"key":"6_CR25","doi-asserted-by":"publisher","first-page":"671","DOI":"10.1112\/S0024610700001502","volume":"62","author":"SD Galbraith","year":"2000","unstructured":"Galbraith, S.D., McKee, J.: The probability that the number of points on an elliptic curve over a finite field is prime. J. London Math. Soc. 62, 671\u2013684 (2000)","journal-title":"J. London Math. Soc."},{"key":"6_CR26","unstructured":"Gaudry, P., Thom\u00e9, E.: The mpFq library and implementing curve-based key exchanges. In: SPEED: Software Performance Enhancement for Encryption and Decryption, pp. 49\u201364 (2007). \n                      http:\/\/www.loria.fr\/gaudry\/papers.en.html"},{"key":"6_CR27","unstructured":"Granville, A.: Smooth Numbers: Computational Number Theory and Beyond, pp. 267\u2013323. Cambridge University Press (2008). \n                      http:\/\/en.scientificcommons.org\/43534098\n                      \n                    , \n                      http:\/\/www.math.leidenuniv.nl\/ psh\/ANTproc\/09andrew.pdf"},{"key":"6_CR28","unstructured":"Institute of Electrical and Electronics Engineers: IEEE 1363\u20132000: Standard specifications for public key cryptography (2000)"},{"key":"6_CR29","unstructured":"Kelsey, J.: Choosing a DRBG algorithm (2003?). \n                      https:\/\/github.com\/matthewdgreen\/nistfoia\/blob\/master\/6.4.2014"},{"key":"6_CR30","unstructured":"LaMacchia, B., Costello, C.: Deterministic generation of elliptic curves (a.k.a. \u201cNUMS\" curves) (2014). 
\n                      https:\/\/www.ietf.org\/proceedings\/90\/slides\/slides-90-cfrg-5.pdf"},{"key":"6_CR31","unstructured":"Langley, A., Moon, A.: Implementations of a fast elliptic-curve digital signature algorithm (2013). \n                      https:\/\/github.com\/floodyberry\/ed25519-donna"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Lochter, M., Merkle, J.: RFC 5639: Elliptic curve cryptography (ECC) Brainpool standard curves and curve generation (2010)","DOI":"10.17487\/rfc5639"},{"key":"6_CR33","unstructured":"Lochter, M., Merkle, J., Schmidt, J.M., Sch\u00fctze, T.: Requirements for standard elliptic curves (2014), position Paper of the ECC Brainpool. \n                      http:\/\/www.ecc-brainpool.org\/20141001_ECCBrainpool_PositionPaper.pdf"},{"issue":"3","key":"6_CR34","doi-asserted-by":"crossref","first-page":"1041","DOI":"10.1215\/ijm\/1258131069","volume":"48","author":"F Luca","year":"2004","unstructured":"Luca, F., Mireles, D.J., Shparlinski, I.E.: MOV attack in various subgroups on elliptic curves. Illinois J. Math. 48(3), 1041\u20131052 (2004)","journal-title":"Illinois J. Math."},{"key":"6_CR35","unstructured":"Mah\u00e9, E.M., Chauvet, J.M.: Fast GPGPU-based elliptic curve scalar multiplication (2014). \n                      https:\/\/eprint.iacr.org\/2014\/198.pdf"},{"key":"6_CR36","unstructured":"Merkle, J.: Re: [Cfrg] ECC reboot (Was: When\u2019s the decision?) (2014). \n                      https:\/\/www.ietf.org\/mail-archive\/web\/cfrg\/current\/msg05353.html"},{"key":"6_CR37","unstructured":"National Institute for Standards and Technology: FIPS PUB 186\u20132: Digital signature standard (2000)"},{"key":"6_CR38","unstructured":"National Institute for Standards and Technology: FIPS PUB 186\u20134: Digital signature standard (DSS) (2013)"},{"key":"6_CR39","unstructured":"National Security Agency: Suite B cryptography \/ cryptographic interoperability (2005). 
\n                      https:\/\/web.archive.org\/web\/20150724150910\/www.nsa.gov\/ia\/programs\/suiteb_cryptography\/"},{"key":"6_CR40","unstructured":"State Commercial Cryptography Administration (OSCCA), China: Public key cryptographic algorithm SM2 based on elliptic curves, December 2010. \n                      http:\/\/www.oscca.gov.cn\/UpFile\/2010122214822692.pdf"},{"key":"6_CR41","unstructured":"State Commercial Cryptography Administration (OSCCA), China: Recommanded curve parameters for public key cryptographic algorithm SM2 based on elliptic curves, December 2010. \n                      http:\/\/www.oscca.gov.cn\/UpFile\/2010122214836668.pdf"},{"key":"6_CR42","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1215\/ijm\/1255631807","volume":"6","author":"JB Rosser","year":"1962","unstructured":"Rosser, J.B., Schoenfeld, L.: Approximate formulas for some functions of prime numbers. Illinois J. Math. 6, 64\u201394 (1962)","journal-title":"Illinois J. Math."},{"key":"6_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/978-3-319-05960-0_3","volume-title":"Reconfigurable Computing: Architectures, Tools, and Applications","author":"P Sasdrich","year":"2014","unstructured":"Sasdrich, P., G\u00fcneysu, T.: Efficient elliptic-curve cryptography using Curve25519 on reconfigurable devices. In: Goehringer, D., Santambrogio, M.D., Cardoso, J.M.P., Bertels, K. (eds.) ARC 2014. LNCS, vol. 8405, pp. 25\u201336. Springer, Heidelberg (2014)"},{"key":"6_CR44","unstructured":"Scott, M.: Re: NIST announces set of Elliptic Curves (1999). 
\n                      https:\/\/groups.google.com\/forum\/message\/raw?msg=sci.crypt\/mFMukSsORmI\/FpbHDQ6hM_MJ"},{"key":"6_CR45","series-title":"Graduate Texts in Mathematics","doi-asserted-by":"crossref","DOI":"10.1007\/978-0-387-09494-6","volume-title":"The Arithmetic of Elliptic Curves","author":"JH Silverman","year":"2009","unstructured":"Silverman, J.H.: The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106. Springer, New York (2009)"},{"key":"6_CR46","unstructured":"Stein, W., et al.: Sage Mathematics Software (Version 6.1.1). The Sage Development Team (2014). \n                      http:\/\/www.sagemath.org"},{"key":"6_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/978-3-662-48324-4_5","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2015","author":"M Hutter","year":"2015","unstructured":"Hutter, M., Schilling, J., Schwabe, P., Wieser, W.: NaCl\u2019s crypto_box in hardware. In: G\u00fcneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 81\u2013101. Springer, Heidelberg (2015)"},{"key":"6_CR48","unstructured":"Wikipedia: Nothing up my sleeve number (2015). \n                      http:\/\/www.en.wikipedia.org\/wiki\/Nothing_up_my_sleeve_number\n                      \n                    . 
Accessed 20 May 2015"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-27152-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T17:06:37Z","timestamp":1559322397000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-27152-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319271514","9783319271521"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-27152-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}