Support for Ed448-Goldilocks
Earlier this year, the IETF's CFRG agreed provisionally to go forward with Ed-448 as a higher-security-level complement to curve25519.
I'd be interested in having Ed448 support in PolarSSL, and I'm happy with a similar level of support to curve25519 (i.e., I don't need any high-level functions).
I'd be happy to start hacking around with it; it works fine to begin with just using the unoptimised modp reduction, and hopefully I'll have some time to have a go at making a slightly faster routine to take advantage of the prime's structure, similar to the fast reducer currently implemented for curve25519.
Is this something on your distant roadmap as well?
It's definitely on our radar, as we've been following the CFRG discussion closely, but adding support in mbed TLS is not on the short-term roadmap just yet. So if you feel like starting work on it, your contribution would be welcome.
I'm not an expert in ECC by any means, but I've posted what I've done as a PR here: https://github.com/ARMmbed/mbedtls/pull/348
It's just a starting point to get things going; I don't mind if the PR is closed if the team comes up with a better patch!
The take-away is that it's pretty easy to add support in a few lines of code, given how similar Curve25519 and Curve448 are.
I saw the posts on GitHub, including the recent IETF standards changes made yesterday.
It would be nice to have this Ed448 Goldilocks curve support added into the full release.
Is there any update on this?
I can confirm this is on our list of planned features, but unfortunately it's not part of our planned feature release at the end of Q1, so it will come at some point later.