MSR Elliptic Curve Cryptography Library

Established: June 27, 2014

MSR ECCLib is an efficient cryptography library that provides functions for computing essential elliptic curve operations on a new set of high-security curves.  All computations on secret data exhibit regular, constant-time execution, providing protection against timing and cache attacks.  The library is available for download below.

Library Features

  • MSR ECCLib supports six high-security elliptic curves proposed in [2], which cover three security levels (128-, 192-, and 256-bit security) and two curve models. The curves have a very simple and deterministic generation with minimal room for parameter manipulation.
  • It includes support for ECC functions necessary to implement most popular elliptic curve-based schemes. In particular, MSR ECCLib supports the computation of scalar multiplication for the six curves above in three variants:
    • Variable-base scalar multiplication (e.g., this is used for computing the shared key in the Diffie-Hellman key exchange).
    • Fixed-base scalar multiplication (e.g., this is used for key generation in the Diffie-Hellman key exchange).
    • Double-scalar multiplication. This operation is typically used for verifying signatures.
  • MSR ECCLib offers full protection against timing and cache attacks by executing crypto-sensitive operations in constant-time with no correlation between timing and secret data.
  • It achieves high performance without compromising security, portability and usability.
  • MSR ECCLib is supported on a range of platforms, including x64, x86, and ARM devices running Windows or Linux.

New in Version 2.0

  • Based upon feedback, MSR ECCLib 2.0 replaces the original twisted Edwards curves that were proposed in [1] with new twisted Edwards curves with a complete addition law.  See [2] and [3] for full details.

People

Publications

Other

References

[1] Joppe W. Bos, Craig Costello, Patrick Longa and Michael Naehrig, “Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis,” in Journal of Cryptographic Engineering, 2015.

[2] Joppe Bos, Craig Costello, Patrick Longa, and Michael Naehrig, “Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib,” Microsoft Research Tech Report.

[3] Craig Costello, Patrick Longa, and Michael Naehrig, “A brief discussion on selecting new elliptic curves,” Microsoft Research Tech Report MSR-TR-2015-46