search

w3c / vc-di-ecdsa

Data Integrity specification for ECDSA using NIST-compliant curves
https://w3c.github.io/vc-di-ecdsa/
Other
9 stars 9 forks source link

ECDSA Signature and Curve Definition/Terminology #8

Closed Wind4Greg closed 1 year ago

Wind4Greg commented 1 year ago

As NIST has updated the signature document that includes ECDSA (FIPS 186-5, February 2023). It does not include the definition of curves (P-256 or P-384). These are now defined in NIST SP 800-186, February 2023.

Neither of these documents refer to these curves as secpr1. The document SECG2 contains definitions for curves secp256r1, secp384r1, and secp521r1 which are the same as NIST curves P-256, P-384, and P-521 respectively but the term secpr1 is not in general use. Note that some ECDSA libraries use the secp256r1, secp384r1, and secp521r1 terminology, others use the P-256, P-384, and P-521 terminology, and some use both.

Would recommend removing the secpr1 term from the document. Use the more modern NIST P-256, P-384, etc... terminology in general and add a note on the equivalence to the secp256r1 and other curves.

If there is agreement I can come up with a PR

Cheers Greg

dlongley commented 1 year ago

I agree the document should be updated. I recommend we just use P-256 and P-384 to keep it simple throughout and I'm fine with a single note somewhere, if people feel it's necessary, on equivalence with other prevalent names.