Implement additional elliptic curves

[bwbush]

See https://github.com/paulmillr/noble-curves/blob/main/src/secp256k1.ts, for example.

[bwbush]

From OpenAI . . .

Several elliptic curves have become widely adopted as cryptographic standards due to their security, efficiency, and well-vetted properties. These curves are used in a variety of cryptographic protocols, including encryption, digital signatures, key exchange, and more.

1. Secp256k1

• Standard: Used in Bitcoin and other cryptocurrencies.
• Equation: ( y^2 = x^3 + 7 ) over the prime field ( \mathbb{F}_p ), where ( p = 2^{256} - 2^{32} - 977 ).
• Field Size: 256-bit prime field.
• Group Order: ( n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 ).
• Uses: Primarily used in Bitcoin for ECDSA (Elliptic Curve Digital Signature Algorithm) and Elliptic Curve Diffie-Hellman (ECDH).
• Special Property: Lacks a "twist security" feature, but it is still widely used because of its high adoption in blockchain-based applications, especially in Bitcoin.

2. P-256 (also known as secp256r1)

• Standard: Specified by the NIST (National Institute of Standards and Technology) and included in the FIPS 186-4 and ANSI X9.62 standards.
• Equation: ( y^2 = x^3 - 3x + b ) over the prime field ( \mathbb{F}_p ), where ( p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 ).
• Field Size: 256-bit prime field.
• Group Order: ( n = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 ).
• Uses: Common in various security protocols like TLS (Transport Layer Security), HTTPS, and digital signatures. It is often used in commercial products for secure communications.
• Special Property: Designed with comprehensive security evaluations by NIST.

3. P-384 (also known as secp384r1)

• Standard: NIST curve from the FIPS 186-4 standard.
• Equation: ( y^2 = x^3 - 3x + b ) over the prime field ( \mathbb{F}_p ), where ( p = 2^{384} - 2^{128} - 2^{96} + 2^{32} - 1 ).
• Field Size: 384-bit prime field.
• Group Order: ( n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973 ).
• Uses: Used in security protocols requiring a higher security margin than P-256, such as government applications, financial institutions, and TLS in high-security environments.
• Special Property: Provides a higher security level (192-bit security) than P-256, and is commonly used when more security is needed.

4. P-521 (also known as secp521r1)

• Standard: NIST curve from the FIPS 186-4 standard.
• Equation: ( y^2 = x^3 - 3x + b ) over the prime field ( \mathbb{F}_p ), where ( p = 2^{521} - 1 ).
• Field Size: 521-bit prime field.
• Group Order: ( n = 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ).
• Uses: Similar to P-384 but for applications requiring even more security, such as in military, diplomatic communications, or high-assurance applications.
• Special Property: Highest level of security among the NIST curves, providing 256-bit security.

5. Curve25519

• Standard: Proposed by Daniel J. Bernstein; widely used and standardized in RFC 7748 for key exchange.
• Equation: ( y^2 = x^3 + 486662x^2 + x ) over the prime field ( \mathbb{F}_p ), where ( p = 2^{255} - 19 ).
• Field Size: 255-bit prime field.
• Uses: Primarily used for Elliptic Curve Diffie-Hellman (ECDH), especially in modern cryptographic protocols such as TLS 1.3, Signal, WireGuard VPN, and other secure communication protocols.
• Special Property: Highly efficient and secure, designed to avoid side-channel attacks. Known for its ease of implementation and its robustness against many forms of cryptographic attacks.

6. Ed25519

• Standard: An EdDSA (Edwards-curve Digital Signature Algorithm) scheme based on Curve25519, standardized in RFC 8032.
• Equation: Uses the twisted Edwards curve ( -x^2 + y^2 = 1 + dx^2y^2 ), where ( d = -121665/121666 ) over the prime field ( \mathbb{F}_p ) with ( p = 2^{255} - 19 ).
• Field Size: 255-bit prime field.
• Uses: Commonly used for digital signatures in modern cryptographic applications like SSH, TLS, and blockchain-based systems.
• Special Property: Provides fast, secure, and deterministic signatures with strong security properties, including resistance to side-channel attacks.

7. BLS12-381

• Standard: Part of the Barreto-Lynn-Scott (BLS) family of pairing-friendly curves, used for pairing-based cryptography.
• Equation: A pairing-friendly curve that enables efficient bilinear pairings.
• Field Size: 381-bit prime field.
• Uses: Widely used in advanced cryptographic protocols, especially in zero-knowledge proofs, zk-SNARKs, aggregate signatures, and cryptographic proofs in blockchain systems (e.g., Ethereum 2.0).
• Special Property: Supports efficient bilinear pairings, making it ideal for applications that rely on complex cryptographic proofs and efficient multi-party computations.

8. Brainpool Curves (e.g., BrainpoolP256r1, BrainpoolP384r1)

• Standard: Defined in RFC 5639 by the Brainpool consortium.
• Equation: Uses curves of the form ( y^2 = x^3 + ax + b ) with different prime field sizes (e.g., 256-bit, 384-bit).
• Uses: Employed in cryptographic protocols, especially in European security environments. Considered an alternative to NIST curves.
• Special Property: These curves were generated using publicly verifiable parameters to avoid concerns about potential hidden vulnerabilities in curves like the NIST curves.

Summary Table:

Curve Name	Field Size	Group Order (Security Level)	Key Uses
Secp256k1	256-bit	( \approx 2^{256} ) (128-bit security)	Cryptocurrencies, Blockchain (e.g., Bitcoin)
P-256	256-bit	( \approx 2^{256} ) (128-bit security)	TLS, HTTPS, general cryptography
P-384	384-bit	( \approx 2^{384} ) (192-bit security)	TLS, government, financial systems
P-521	521-bit	( \approx 2^{521} ) (256-bit security)	High-security applications, military
Curve25519	255-bit	( \approx 2^{255} ) (128-bit security)	ECDH, TLS 1.3, Signal, WireGuard
Ed25519	255-bit	( \approx 2^{255} ) (128-bit security)	Digital signatures (SSH, TLS, blockchain)
BLS12-381	381-bit	( \approx 2^{381} ) (128-bit security)	Pairing-based crypto, zk-SNARKs, Ethereum 2.0
BrainpoolP256r1	256-bit	( \approx 2^{256} ) (128-bit security)	Alternative to NIST curves, European applications

Conclusion:

The most prominently used elliptic curves include those standardized by NIST (P-256, P-384, P-521), Curve25519 and its signature variant Ed25519, and secp256k1 (especially in cryptocurrencies). For pairing-based cryptography, BLS12-381 is widely used in advanced cryptographic protocols. Each curve is designed for different cryptographic needs and security levels, depending on the use case and efficiency requirements.