Skip to content

Latest commit

 

History

History
98 lines (67 loc) · 3.38 KB

README.md

File metadata and controls

98 lines (67 loc) · 3.38 KB

RustCrypto: NIST P-192 (secp192r1) elliptic curve

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

Pure Rust implementation of the NIST P-192 (a.k.a. secp192r1, prime192v1) elliptic curve.

Documentation

⚠️ Security Warning

Small Key Size!

P-192 provides equivalent strength to a 96-bit symmetric key, which is considered too weak for modern usage.

For more information, see: NIST Special Publication 800-131A Revision 2: "Transitioning the Use of Cryptographic Algorithms and Key Lengths":

ECDSA and EdDSA: The security strength provided by an elliptic-curve-based signature algorithm is no greater than 1/2 of the length of the domain parameter n. Therefore, the length of n shall be at least 224 bits to meet the minimum security-strength requirement of 112 bits for Federal Government use.

Following the recommendations from this document, this crate only provides public key operations intended for legacy interop purposes. There is deliberately no SecretKey, ECDH support, or ECDSA SigningKey.

Unaudited!

The elliptic curve arithmetic contained in this crate has never been independently audited!

This crate has been designed with the goal of ensuring that secret-dependent operations are performed in constant time (using the subtle crate and constant-time formulas). However, it has not been thoroughly assessed to ensure that generated assembly is constant time on common CPU architectures.

USE AT YOUR OWN RISK!

About P-192

NIST P-192 is a Weierstrass curve specified in FIPS 186-4.

Also known as secp192r1 (SECG).

Minimum Supported Rust Version

Rust 1.81 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

  • All on-by-default features of this library are covered by SemVer
  • MSRV is considered exempt from SemVer as noted above

License

All crates licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.