Issue with creating ECPoint on "Secp256R1" Curve

[jainchethan87]

I am trying to create a ECPoint on standard Elliptic Curve "Secp256R1" domain parameters. It works fine some time, but when the values for x or y is negative, it throws an exception.

This is the code: eccurve.Curve.CreatePoint(X, Y); X and Y are BigIntegers

Since X and Y are points on the curve (Its validated on the other end) why does it not accept them? I am generating X and Y using a different library (micro ecc)

Please suggest.

[Xor-el]

@jainchethan87 , when constructing the BigIntegers, create them as positive BigIntegers. ECPoint arithmetic is built on the notion of positive integers.

[jainchethan87]

Since the public Key is a point on the curve, it feels like X and / or Y can be negative. Any reason Why does BC does not let me create such points?

[FreeSMIME]

Yes, @jainchethan87 because negative numbers were part of the transaction malleability issue that brought down MtGox.

[Xor-el]

Since the public Key is a point on the curve, it feels like X and / or Y can be negative. Any reason Why does BC does not let me create such points?

Because that on it's own is a security risk. If I remember correctly, OpenSSL took the same approach as bouncy castle sometime back.

[bcgit]

X and Y can't be negative. One thing to watch though is that ASN.1 integers and BigInteger always treat byte arrays as signed. Some system's don't and in this case you need to prepend a zero byte when the top bit is set to stop other parties from thinking the number is actually negative. BigInteger also has a 2 arg constructor which takes a sign (1 if positive) and a byte string to avoid this.

[jainchethan87]

That's what probably is, i am prepending a zero and it seems to work. Thanks for the info.

BTW, the current implementation of JPAKE in bouncy Castle is over Finite Field right? DO you have plans to implement over Elliptic Curve? Please let me know.