Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Workshop on Elliptic Curve Cryptography Standards

Elliptic curve cryptography will be critical to the adoption of strong cryptography as we migrate to higher security strengths. NIST has standardized elliptic curve cryptography for digital signature algorithms in FIPS 186 and for key establishment schemes in NIST Special Publication 800-56A. 

In FIPS 186-2, NIST recommended 15 elliptic curves of varying security levels for use in these elliptic curve cryptography standards. The provenance of the curves was not fully specified, leading to recent public concerns that there could be a hidden weakness in these curves. We remain confident in their security and are not aware of any significant attacks on the NIST curves when used as described in our standards and implemented correctly. 

However, more than 15 years has passed since these curves were developed, and the community now knows more about the security of elliptic curve cryptography and practical implementation issues. The current state-of-the-art has advanced. In research and other standards venues, newer curves have been proposed which pursue better performance or simpler and more secure implementations.

The workshop is to provide a venue to engage the crypto community, including academia, industry, and government users to discuss possible approaches to promote the adoption of secure, interoperable and efficient elliptic curve mechanisms.

List of Accepted PresentationsCall for Papers (deadline 3/15/2015)


Thursday, June 11, 2015

9:00am - 9:10amOpening Remarks
Donna F. Dodson, ITL Associate Director, Chief Cybersecurity Advisor, and Director of the National Cybersecurity Center of Excellence, NIST
9:10am - 9:55am

Session I: Curve generation methods
Session Chair: John Kelsey, NIST

  1. Efficient ephemeral elliptic curve cryptographic keys  [paper]
    Presented by: Andrea Miele, École Polytechnique Fédérale de Lausanne
  2. A random zoo: sloth, unicorn and trx [paper]
    Presented by: Benjamin Wesolowski, École Polytechnique Fédérale de Lausanne
9:55am - 11:20am

Session II: Industry applications of ECC
Session chair: Andrew Regenscheid, NIST 

  1. Adobe Digital Signatures and Elliptic Curve Cryptography
    Presented by: Steve Gottwals, Adobe
  2. Symantec's view on current state of ECC
    Presented by: Rick Andrews, Symantec
  3. An Efficient Certificate Format for ECC
    Presented by: Warwick Ford, TrustPoint Innovation 
  4. Vehicle to Vehicle Safety Application using Elliptic Curve PKI
    Presented by: Rob Lambert, TrustPoint Innovation
11:20am - 11:50amCoffee Break
11:50am - 12:50pm

Session III: Panel: ECC in industry
Moderator: Andrew Regenscheid, NIST


  • Brian LaMacchia, Microsoft
  • Dan Brown, Certicom
  • Scott Fluhrer, Cisco
  • Joppe Bos, NXP Semiconductors
12:50pm - 2:00pmLunch
2:00pm - 3:30pm

Session IV: Criteria for selection of new elliptic curves
Session Chair: Dustin Moody, NIST

  1. Requirements for Elliptic Curves for High-Assurance Applications [paper]
    Presented by: Johannes Merkle, secunet Security Networks AG 
  2. Diversity and Transparency for ECC [paper]
    Presented by: Jean-Pierre Flori, ANSSI
  3. A brief discussion on selecting new elliptic curves [paper]
    Presented by: Craig Costello, Microsoft
  4. Simplicity
    Presented by: Daniel J. Bernstein, University of Illinois at Chicago and Technische Universiteit Eindhoven
3:30pm - 4:00pmCoffee Break
4:00pm - 5:00pm

Session V: Panel: Selection criteria for new standardized curves
Moderator: Dustin Moody, NIST


  • Jean-Pierre Flori, ANSSI
  • Craig Costello, Microsoft
  • Tanja Lange, Technische Universiteit Eindhoven
  • Manfred Lochter, BSI


Friday, June 12, 2015

9:00am - 10:50am

Session VI: Hardware and implementation
Session Chair: Rene Peralta, NIST

  1. Elliptic Curves: a Hardware Perspective
    Presented by: Joppe Bos, NXP Semiconductors
  2. Efficient Side-Channel Attacks on Scalar Blinding on Elliptic Curves with Special Structure [paper]
    Presented by: Manfred Lochter, BSI
  3. Fastest Curve 25519 Implementation Ever
    Presented by: Tung Chou, Technische Universiteit Eindhoven
  4. Efficient and Secure Elliptic Curve Cryptography Implementation of curve

    Presented by: Mehmet Adalier, Antara Teknik
  5. An Analysis of High-Performance Primes at High-Security Levels [paper]
    Presented by: Patrick Longa, Microsoft
10:50am - 11:20am

Coffee Break

11:20am - 12:30pm

Session VII: New curve proposals
Session Chair: Quynh Dang, NIST

  1. Ed448-Goldilocks, a new elliptic curve [paper]
    Presented by: Michael Hamburg, Rambus Cryptography Research
  2. Curve 41417: fast, highly secure and implementation-friendly curve
    Presented by: Chitchanok Chuengsatiansup, Technische Universiteit Eindhoven
  3. FourQ: four dimensional decompositions on a Q-curve over the Mersenne

    Presented by: Craig Costello, Microsoft
12:30pm - 1:30pm


1:30pm - 2:45pm

Session VIII: Standardization
Session Chair: Tim Polk, NIST

  1. CFRG Work on Curves
    Presented by: Stephen Farrell, Trinity College Dublin/IETF Security Area Director
  2. Panel: Standardization efforts
    Moderator: Tim Polk, NIST

    • Stephen Farrell, Trinity College Dublin/
     IETF Security Area Director

    • Dan Brown, Certicom
    • Lily Chen, NIST
    Rene Struik, Struik Security Consultancy
2:45pm - 3:15pm

Session IX: NIST Discussion
Session Chair: Lily Chen, NIST


Meeting Adjourn

You will need a government-issued photo ID (e.g., passport or driver's license) when you check into the Visitors Center at the entrance of NIST. If you will be driving, please bring your Vehicle Registration card also.

PLEASE NOTE: Effective July 21, 2014, under the REAL ID Act of 2005 (, agencies, including NIST, can only accept a state-issued driver's license or identification card for access to federal facilities if issued by states that are REAL ID compliant or have an extension. More info

Created December 18, 2014, Updated September 21, 2016