Page MenuHome GnuPG

gcry_mpi_ec_mul with Montgomery curves produces segfault
Closed, ResolvedPublic

Description

I've been trying to implement ECDH with Curve25519 and have been running into some problems. The attached code demonstrates that given valid input the libgcrypt function gcry_mpi_ec_mul produces a segfault. I tried ec_add and got an "Addition not supported for Montgomery curves" fatal error message.

I'm wondering what the best course of action is in trying to implement ECDH efficiently using the libgcrypt library. If the necessary operations are not supported for Curve25519, could you recommend a fully-functional curve in the library that would good for ECDH? Any advice would be much appreciated.

Thanks!

Details

Version
1.7.7

Event Timeline

justus triaged this task as Wishlist priority.Jun 27 2017, 10:55 AM

ECDH on Curve25519 is fully supported in libgcrypt. You can see GnuPG supports ECDH on Curve25519.
Lower layer routines (point addition and point duplication) are not implemented, though.
That's because ECDH only requires point multiplication and it is better to implement point multiplication by Montgomery Ladder for Curve25519.

Actually we plan to provide a more convenient way to perform the DH operation. See for example P7 for the non-elegant way which is required today.