Skip to main content

BlackBerry's Elliptic Curve 2y^2=x^3+x over Field Size 8^91+5

Document Type Expired Internet-Draft (individual)
Author Daniel R. L. Brown
Last updated 2022-09-22 (Latest revision 2022-03-21)
Stream Independent Submission
Intended RFC status Experimental
Expired & archived
Stream ISE state No Longer In Independent Submission Stream
Consensus boilerplate Unknown
Document shepherd Eliot Lear
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Multi-curve elliptic curve cryptography with curve 2y^2=x^3+x/GF(8^91+5) hedges a risk of new curve-specific attacks. This curve features: isomorphism to Miller's curve from 1985; low Kolmogorov complexity (little room for embedded weaknesses of Gordon, Young-Yung, or Teske); similarity to a Bitcoin curve; Montgomery form; complex multiplication by i (Gallant-Lambert-Vanstone); prime field; easy reduction, inversion, Legendre symbol, and square root; five 64-bit-word field arithmetic; string-as-point encoding; and 34-byte keys. This document aims to contribute to multi-curve Elliptic Curve Cryptography by describing how to use this curve for elliptic curve Diffie--Hellman. Reports of experience and experiments with this curve are encouraged to better understand its security and utility. This document was produced outside the IETF and is not an IETF standard. Publication of this document does not imply endorsement by the IETF of the curve described in this document.


Daniel R. L. Brown

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)