Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
*
Bookmark and Share

Workshop on Elliptic Curve Cryptography Standards

Purpose:

Elliptic curve cryptography will be critical to the adoption of strong cryptography as we migrate to higher security strengths. NIST has standardized elliptic curve cryptography for digital signature algorithms in FIPS 186 and for key establishment schemes in NIST Special Publication 800-56A. 

In FIPS 186-2, NIST recommended 15 elliptic curves of varying security levels for use in these elliptic curve cryptography standards. The provenance of the curves was not fully specified, leading to recent public concerns that there could be a hidden weakness in these curves. We remain confident in their security and are not aware of any significant attacks on the NIST curves when used as described in our standards and implemented correctly. 

However, more than 15 years has passed since these curves were developed, and the community now knows more about the security of elliptic curve cryptography and practical implementation issues. The current state-of-the-art has advanced. In research and other standards venues, newer curves have been proposed which pursue better performance or simpler and more secure implementations.

The workshop is to provide a venue to engage the crypto community, including academia, industry, and government users to discuss possible approaches to promote the adoption of secure, interoperable and efficient elliptic curve mechanisms.

List of Accepted Presentations Call for Papers (deadline 3/15/2015)

Agenda:

Thursday, June 11, 2015

9:00am - 9:10am Opening Remarks
Donna F. Dodson, ITL Associate Director, Chief Cybersecurity Advisor, and Director of the National Cybersecurity Center of Excellence, NIST
9:10am - 9:55am

Session I: Curve generation methods
Session Chair: John Kelsey, NIST

  1. Efficient ephemeral elliptic curve cryptographic keys  [paper]
    Presented by: Andrea Miele, École Polytechnique Fédérale de Lausanne
  2. A random zoo: sloth, unicorn and trx [paper]
    Presented by: Benjamin Wesolowski, École Polytechnique Fédérale de Lausanne
9:55am - 11:20am

Session II: Industry applications of ECC
Session chair: Andrew Regenscheid, NIST 

  1. Adobe Digital Signatures and Elliptic Curve Cryptography
    Presented by: Steve Gottwals, Adobe
  2. Symantec's view on current state of ECC
    Presented by: Rick Andrews, Symantec
  3. An Efficient Certificate Format for ECC
    Presented by: Warwick Ford, TrustPoint Innovation 
  4. Vehicle to Vehicle Safety Application using Elliptic Curve PKI
    Presented by: Rob Lambert, TrustPoint Innovation
11:20am - 11:50am Coffee Break
11:50am - 12:50pm

Session III: Panel: ECC in industry
Moderator: Andrew Regenscheid, NIST

Panelists: 

  • Brian LaMacchia, Microsoft
  • Dan Brown, Certicom
  • Scott Fluhrer, Cisco
  • Joppe Bos, NXP Semiconductors
12:50pm - 2:00pm Lunch
2:00pm - 3:30pm

Session IV: Criteria for selection of new elliptic curves
Session Chair: Dustin Moody, NIST

  1. Requirements for Elliptic Curves for High-Assurance Applications [paper]
    Presented by: Johannes Merkle, secunet Security Networks AG 
  2. Diversity and Transparency for ECC [paper]
    Presented by: Jean-Pierre Flori, ANSSI
  3. A brief discussion on selecting new elliptic curves [paper]
    Presented by: Craig Costello, Microsoft
  4. Simplicity
    Presented by: Daniel J. Bernstein, University of Illinois at Chicago and Technische Universiteit Eindhoven
3:30pm - 4:00pm Coffee Break
4:00pm - 5:00pm

Session V: Panel: Selection criteria for new standardized curves
Moderator: Dustin Moody, NIST

Panelists:

  • Jean-Pierre Flori, ANSSI
  • Craig Costello, Microsoft
  • Tanja Lange, Technische Universiteit Eindhoven
  • Manfred Lochter, BSI

 

Friday, June 12, 2015

9:00am - 10:50am

Session VI: Hardware and implementation
Session Chair: Rene Peralta, NIST

  1. Elliptic Curves: a Hardware Perspective
    Presented by: Joppe Bos, NXP Semiconductors
  2. Efficient Side-Channel Attacks on Scalar Blinding on Elliptic Curves with Special Structure [paper]
    Presented by: Manfred Lochter, BSI
  3. Fastest Curve 25519 Implementation Ever
    Presented by: Tung Chou, Technische Universiteit Eindhoven
  4. Efficient and Secure Elliptic Curve Cryptography Implementation of curve
    P-256
    [paper]

    Presented by: Mehmet Adalier, Antara Teknik
  5. An Analysis of High-Performance Primes at High-Security Levels [paper]
    Presented by: Patrick Longa, Microsoft
10:50am - 11:20am

Coffee Break

11:20am - 12:30pm

Session VII: New curve proposals
Session Chair: Quynh Dang, NIST

  1. Ed448-Goldilocks, a new elliptic curve [paper]
    Presented by: Michael Hamburg, Rambus Cryptography Research
  2. Curve 41417: fast, highly secure and implementation-friendly curve
    Presented by: Chitchanok Chuengsatiansup, Technische Universiteit Eindhoven
  3. FourQ: four dimensional decompositions on a Q-curve over the Mersenne
    prime
     [paper]

    Presented by: Craig Costello, Microsoft
12:30pm - 1:30pm

Lunch

1:30pm - 2:45pm

Session VIII: Standardization
Session Chair: Tim Polk, NIST

  1. CFRG Work on Curves
    Presented by: Stephen Farrell, Trinity College Dublin/IETF Security Area Director
  2. Panel: Standardization efforts
    Moderator: Tim Polk, NIST

    Panelists:  
    • Stephen Farrell, Trinity College Dublin/
     IETF Security Area Director

    • Dan Brown, Certicom
    • Lily Chen, NIST
    Rene Struik, Struik Security Consultancy
2:45pm - 3:15pm

Session IX: NIST Discussion
Session Chair: Lily Chen, NIST

3:15pm 

Meeting Adjourn

Security Instructions:

You will need a government-issued photo ID (e.g., passport or driver's license) when you check into the Visitors Center at the entrance of NIST. If you will be driving, please bring your Vehicle Registration card also.

PLEASE NOTE: Effective July 21, 2014, under the REAL ID Act of 2005 (http://www.dhs.gov/real-id-public-faqs), agencies, including NIST, can only accept a state-issued driver's license or identification card for access to federal facilities if issued by states that are REAL ID compliant or have an extension. More info

Details:

Start Date: Thursday, June 11, 2015
End Date: Friday, June 12, 2015
Location: Administration Bldg./Green Auditorium
Audience: Industry, Government, Academia
Format: Workshop

Registration:

In-person registration is now closed. There is no on-site registration for meetings held at NIST.

webcast

WEBCAST: The workshop will be webcast starting at 9:00am EST, on June 11, 2015. Please visit this page the morning of the workshop to access the webcast.

Registration is not required to view the webcast. However, if you would like to register, and have a reminder and link to the webcast sent to you, you can do so at the ECC Webcast Registration Page. This registration link is only for webcast participation.

Tweet your comments and questions using the event hashtag #ECCworkshop and/or send email to ellipticcurves@nist.gov.

Accommodations:

Hilton Gaithersburg
620 Perry Parkway
Gaithersburg, MD 20877
+301-977-8900
Group Code: NIST

$139/night
includes high-speed internet, continental breakfast, and shuttle to/from NIST campus.

Book Online

Shuttle Schedule
The shuttle will depart the hotel at 8:15 a.m. each morning and travel to NIST. The shuttle will return to the hotel at the end of each meeting day.


Security Information:
You will need a government-issued photo ID (e.g., passport or driver's license) when you check into the Visitors Center at the entrance of NIST. If you will be driving, please bring your Vehicle Registration card also.

PLEASE NOTE: Effective July 21, 2014, under the REAL ID Act of 2005 (http://www.dhs.gov/real-id-public-faqs), agencies, including NIST, can only accept a state-issued driver's license or identification card for access to federal facilities if issued by states that are REAL ID compliant or have an extension. More info

Technical Contact:

ellipticcurves@nist.gov

General Workshop Inquiries:
sara@nist.gov