PolarSSL is now part of ARM (official announcement) and rebranded as mbed TLS.

Support for Ed448-Goldilocks

Jul 9, 2015 17:07
Nicholas Wilson

Earlier this year, the IETF's CFRG agreed provisionally to go forward with Ed-448 as a higher-security-level complement to curve25519.

See mailing list post, and also draft-irtf-cfrg-curves-02.txt.

I'd be interested in having Ed448 support in PolarSSL, and I'm happy with a similar level of support to curve25519 (i.e., I don't need any high-level functions).

I'd be happy to start hacking around with it; it works fine to begin with just using the unoptimised modp reduction, and hopefully I'll have some time to have a go at making a slightly faster routine to take advantage of the prime's structure, similar to the fast reducer currently implemented for curve25519.

Is this something on your distant roadmap as well?
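The shift-and-add reduction that "takes advantage of the prime's structure", as an added illustration that is not code from the PR or from mbed TLS: written in Python rather than C so the folding step is easy to read, and generalised to any prime of the form 2^k - c so that the existing curve25519 case (c = 19) and the Curve448 case (c = 2^224 + 1) are handled by the same routine. The self-check against Python's generic `%` is a constructed test harness, not part of the library.

```python
import random

# Primes of the form 2^k - c with a sparse c are what make a shift-and-add
# reducer possible, because 2^k == c (mod p): bits above position k can be
# folded back down instead of doing a general division.
CURVE25519_P = (1 << 255) - 19              # k = 255, c = 19
CURVE448_P = (1 << 448) - (1 << 224) - 1    # k = 448, c = 2^224 + 1 ("Goldilocks")


def reduce_special(x: int, k: int, c: int) -> int:
    """Reduce x >= 0 modulo p = 2^k - c by repeatedly rewriting
    x = lo + hi*2^k as lo + hi*c. Each pass removes about k - log2(c) bits,
    so a double-width product needs only a few passes; at the end x < 2^k,
    and since x - p < c < p a single conditional subtraction finishes."""
    if x < 0:
        raise ValueError("x must be non-negative")
    p = (1 << k) - c
    mask = (1 << k) - 1
    while x >> k:                       # any bits at or above 2^k left?
        lo, hi = x & mask, x >> k
        x = lo + hi * c                 # the only arithmetic: 2^k -> c
    if x >= p:
        x -= p
    return x


def reduce_p448(x: int) -> int:
    """Curve448 reducer written out: hi * (2^224 + 1) is (hi << 224) + hi,
    so each pass is a mask, two shifts and two additions, no multiply."""
    if x < 0:
        raise ValueError("x must be non-negative")
    mask = (1 << 448) - 1
    while x >> 448:
        lo, hi = x & mask, x >> 448
        x = lo + (hi << 224) + hi
    if x >= CURVE448_P:                 # x < 2^448 here, so one subtraction
        x -= CURVE448_P
    return x


def reduce_p25519(x: int) -> int:
    """The curve25519 analogue: fold with c = 19."""
    return reduce_special(x, 255, 19)


def selfcheck(trials: int = 2000, seed: int = 1) -> bool:
    """Compare both reducers with the generic % on random double-width
    products plus the boundary values (0, p-1, p, p+1, p^2, 2^k - 1)."""
    rng = random.Random(seed)
    for p, red in ((CURVE25519_P, reduce_p25519), (CURVE448_P, reduce_p448)):
        fixed = [0, 1, p - 1, p, p + 1, (p - 1) ** 2, p * p, (1 << p.bit_length()) - 1]
        for x in fixed + [rng.randrange(p) * rng.randrange(p) for _ in range(trials)]:
            if red(x) != x % p:
                return False
    return True


if __name__ == "__main__":
    print("reducers agree with %:", selfcheck())
```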

Jul 9, 2015 17:33
Manuel Pégourié-Gonnard

It's definitely on our radar, as we've been following the CFRG discussion closely, but adding support in mbed TLS is not on the short-term roadmap just yet. So if you feel like starting work on it, your contribution would be welcome.

Nov 10, 2015 13:21
Nicholas Wilson
I'm not an expert in ECC by any means, but I've posted what I've done as a PR here: https://github.com/ARMmbed/mbedtls/pull/348

It's just a starting point to get things going, I don't mind if the PR is closed if the team comes up with a better patch!

The take-away is that it's pretty easy to add support in a few lines of code, given how similar Curve25519 and Curve448 are.

Regards, Nick

Jan 23, 2016 19:15

I saw the posts on github including the recent IETF standards changes made yesterday.

It would be nice to have this Ed448 Goldilocks curve support added into the full release.

Is there any update on this?

Jan 25, 2016 21:27
Simon Butcher
I can confirm this is on our list of planned features, but unfortunately it's not part of our planned feature release at the end of Q1, so will come at some point later.