Support point compression in Libgcrypt
Open, NormalPublic


Given that the patents on point compression expired a few years ago, Libgcrypt should support standard point compression. In particular gcry_mpi_ec_get_mpi should support it, so that we can put a compressed point into the subjectKeyIdentifier as generated by gpgsm.

werner created this task.May 19 2020, 2:25 PM

We will need this for 1.9

gniibe added a subscriber: gniibe.EditedJul 10 2020, 3:40 AM

What kind of API should we offer?
(1) offering something like q@comp name for gcry_mpi_ec_get_mpi
If the intended use case will be in create_request function in gpg/sm/certreqgen.c, the 'q' is already generated in the form of SEXP.
It is up to an application (gpgsm), to convert non-compressed point representation to compressed point representation, here.

(2) keygen supporting (flag comp) for classic curves to ask compressed point representation for q, and support of compressed point representation for other places.

Perhaps, (2)?

I'm afraid this will introduce requirement of libgcrypt 1.9 for gpg.

gniibe claimed this task.Jul 10 2020, 3:40 AM
gniibe added a comment.EditedJul 10 2020, 8:19 AM


(3) _gcry_ecc_os2ec in libgcrypt/cipher/ecc-misc.c should be modified to support parsing compressed representation.

I think that retrieving a parameter in compressed format is all what we need as per API.

Creating is not that useful - we prefer modern curves anyway.

gniibe added a comment.EditedJul 13 2020, 10:06 AM
  • compressed representation of EC point can be used in:
    • public key
    • (exporting) private key
    • signature
    • ECDH ephemeral key
  • Accepting compressed representation,for the initial implementation, I'd like to limit our effort for curves of NIST and Brainpool, except NIST P-224, which p = 3 mod 4.