You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -638,7 +638,7 @@ Module-lattice-based algorithms, such as KEM (Key Encapsulation Mechanism) and D
### NUMS
**Microsoft Nothing Up My Sleeve Elliptic curves**
[NUMS](http://www.watersprings.org/pub/id/draft-black-numscurves-01.html) (Nothing Up My Sleeve) curves, which are supported in the MSRElliptic Curve Cryptography Library (a.k.a. MSR ECCLib).
[NUMS](http://www.ietf.org/archive/id/draft-black-numscurves-01.txt) (Nothing Up My Sleeve) curves, which are supported in the MSRElliptic Curve Cryptography Library (a.k.a. MSR ECCLib).
These curves are elliptic curves over a prime field, just like the NIST or Brainpool curves. However, the domain-parameters are choosen using a VERY TIGHT DESIGN SPACE to ensure, that the introduction of a backdoor is infeasable. For a desired size of $s$ bits the prime $p$ is choosen as $p = 2^s - c$ with the smallest $c$ where $c>0$ and $p$ mod 4 = 3 and $p$ being prime.
