ECCelerate™ 6.3

Tries to get algorithm name got from algorithm identifier.

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) according RFC 5869.

ECDH, EdDH KeyAgreement support for HKDF key derivation function.

Also accepts Edwards curve key names starting with “X”.

Method getParameterSpec() returns an ECGenPameterSpec with the OID String (if the name is not set) since JSSE expects that an ECGenPameterSpec with the OID String is returned when calling ECParameters.getParameterSpec(ECGenParameterSpec.class); otherwise the handshake may fail (JDK 11.0.7) or ecdsa_sha1 may be used instead of ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384 or ecdsa_secp521r1_sha512

Switch for ECPoint so that all functions work in-place if set to true

ExtensionFieldElement added exponentiateOutOfPlace function

Restored backwards compatibility

Rework curve parameter storage for better maintainability.

Ensure that multiplyPoint always works in-place as documented.

Ensure that exponentiate always works in-place as documented.

Set default point encoding to uncompressed. Some standards and RFC (e.g. RFC5480) require only support for uncompressed points. Changing the default back to uncompressed points increases the interoperability with libraries not supporting optional point compression. Point compressesions can be enabled using ECCelerate.enablePointCompression(true);

Correctly handle ByteBuffers without underlying arrays.

Fix multi-threaded evaluation of pairings involving shared instances of points.

Fix instantiation of the ECCelerate provider and Pairing instances in a multi-threaded environment.

Add support for EdDSA using curves Ed25519 and Ed448 (RFC8032). Since some proposed RFCs are not finalized at the time of the release, we consider the current implementation as experimental. Please note that OneAsymmetricKey-encoded private keys containing the corresponding public key are only supported if IAIK JCE 5.52 or newer is used. Some interfaces might change in the future, so we recommend to follow the examples in the tutorial to be unaffected by future changes in the interface.

Add support for X25519 and X448. We note that comments regarding EdDSA support also apply here.

Add support for deterministic signing (RFC6979).

Add method to evaluate pairing products more efficiently.

Fix Specification-Version of JAR files.

Fix hashToPoint() producing points outside the group for some Barreto-Naehrig curves.

Fix incorrect points returned for large scalars when using the Comb scalar multipliers.

Since EdDSA and X25519/X448 require features from newer IAIK JCE versions, ECCelerate now depends on IAIK JCE 5.51 or later.

JAR files are now signed with old (for supporting old DSA JCE Root CA) and new (for supporting new RSA JCE Root CA) IAIK-JCE provider certificates. The new certificate provides a stronger protection (SHA256withRSA) than the old one (SHA1withDSA). The new JCE Root CA is effective for Java versions 8u121, 7u131, 6u141 upwards. To support other (former) Java versions the JAR files must be signed with the old provider certificate, too.

Fix regression when verifying multiple signatures in parallel.

Fix regression when exponentiating with an int larger than 63.

Fix encoding of pentanonimals when explicitly encoding curve parameters.

Fix cofactor check to use the correct security level.

Improve loading of addon algorithms and data.

Improve test coverage of serialization and deserialization functions.

Add support for curves from FIDO ECDAA Draft 02 February 2017.

Throw an exception on unknown named Barreto-Naehrig curves.

Performance improvements in binary curve implementations.

Set visibility back to public.

Fix instantiation of curves and extension fields in Barreto-Naehrig curve factories. As a side-effect, this change reduces memory consumption when using pairings.

Added support for SHA-3 variants of ECDSA (requires IAIK JCE version 5.3 or later).

Tremendous performance improvements in prime field implementations.

Tremendous performance improvements due to switch to fixed size multi-precision integer implementation.

Performance improvements in binary curve implementations.

Improvements in scalar multipliers.

Added support for ISO_P512, DSD_P256, TPM_ECC_BN_P256 and TPM_ECC_BN_P512 curves.

Added support for basic side-channel protection.

Added speed-ups for SECP-exclusive (i.e., secp*k1) prime curves to addon.

Added more curve parameters (for legacy support from older standards).

Now requires Java 6 or newer.

Moved some speed-ups (that is, fixed-base comb multipliers) to the base package since the patent expired.

Bug fixes in ECMQV, ECIES and ECDH.

Minor bug fixes.

Allow one to specify more custom parameters.

Provide implementation of engineGetKeySize.

Fix shared key generation for ecka_eg_X963KDF_SHA384/512.

Fix computation of buffer lengths.

Fixed possible NullPointerException with JDK8

Added support for asymmetric pairings over Barreto-Naehrig curves:

• Type-2 and Type-3 pairings.
• Support for 160-bit to 638-bit Barreto-Naehrig curves.
• Constant-time hashing to both curve groups.

Up to ~24% performance improvements for NIST prime curves

Up to ~15% performance improvements for binary curves

Drastically reduced overall memory consumption

Set default point encoding to COMPRESSED

Fixed compatiblity issues with JDK8 (which requests curves via OIDs)

engineGenerateSecret: recognizes algorithm “TLSPremasterSecret” as used by JSSE 1.6

Added more methods for curve arithmetic in wrapper class

Fixed problem with RFC 5915 compliance

Fixed length of encoding in last phase

Further bugfixes

Point compression now also available in non-addon version!

High overall performance improvements (up to 15%)!

Reduced memory consumption!

Tremendous performance improvements for ECCelerate w/o addon: Up to 3.7x in case of NIST binary curves and up to 3.2x in case of NIST prime curves!

Tremendous performance improvements for secp160k1, secp160r1, secp160r2, secp192k1, secp224k1 and secp256k1 curves!

Performance improvements for the Brainpool curves!

Several bugfixes related to binary Koblitz curves and non-default optimization levels (Addon)

Fixed bug in ECIES implementation related to HMAC/SHA, XOR modes

Javadoc corrections

Support for BSI TR-03109

ECCelerateProvider no longer final.

ECCelerateProvider no longer final.

Fixed rarely occurring bug in arithmetical subroutine.

Slight performance improvements.

Reduced memory consumption in some situations.

Minor bugfixes.

Some Javadoc corrections.

Support for multiple simultaneous scalar multiplications.

FIPS 186-4 compliance.

jar files signed with new JCE code signing certificate.

additional signed jar files with the Trusted-Library attribute.

Added curve FRP256v1.

Lots of (minor) performance improvements.

Some small bugfixes.

ECMQV protocol implemented (addon only).

ECIES protocol implemented.

Fast Koblitz curve implementations (addon only).

(Re)included P-160, secp160k1, secp160r2 curves.

Tremendous performance improvements for secp*k1 curves.

Check for SP800-57 recommended parameters no longer turned on by default. Furthermore, the FIPS-186 PRNGs are now being used by default for key generation.

Tremendously improved performance of some prime field implementations (Brainpool and P-256, P-512 if addon not enabled)

Lots of minor performance improvements, slightly reduced memory footprint and some minor bugfixes.

In some cases equals() returned incorrect results.

Moved types KDFParameterSpec, KeyDerivationFunction, X963ASN1SharedInfo, X963KDFParameterSpec, and X963KeyDerivationFunction to package iaik.security.ec.common

Optimization levels now affect the whole library, not only addon-related algorithms.

Minor bugfixes and javadoc corrections.

Tremendous performance improvements for prime SECG curves (up to 79%).

Up to 10% better performance for prime curve ECDSA (regardless of addon).

Non-addon version: up to 88% better performance for prime curve ECDSA.

Non-addon version: removed concurrent ECDSA signature verifications, due to performance penalties because of synchronization.

Fixed detection of invalid inputs to newElement().

Fixed detection of invalid inputs to newElement().

Introduced performance profiles that allow the user to set the memory/computation time tradeoff for ECDSA signature generations using the addon

Using the default performance profile, ECDSA signature generation is 50% faster compared to version v1.03

Performance improvements of scalar multipliers using precomputations shipped with the addon

Small performance improvements of WNAF scalar multiplier

Small performance improvements of ECDSA verifications

Improved overall performance by 5-10%

Added trademark

Removed carry-propagation bug in multiprecision integer addition routine

Corrected misspelling: renamed EllipticCurve.constainsPoint() to EllipticCurve.containsPoint()

Fixed severe performance problems, which only occur in 32-bit Windows JVM, due to bad clone() performance

Fixed problems with obfuscator that led to truncated throws declarations

Fixed potential NullPointerException() thrown in some equals() implementations

Added demo to illustrate addon registration process

ECStandardizedParameterFactory now sets the curve’s generator in method getParamSpec()

On verify the security strength of involved algorithms and parameters is no longer checked

Added new methods: enforceSP80057Recommendations() and areSP80057RecommendationsEnforced(). enforceSP80057Recommendations() allows the user to disable the security strength checks recommended by NIST SP800-57 for algorithms and parameters used in combination with ECDSA. Note that these checks are enabled by default

Fixed byte[] to BigInteger conversion problem in decode()

Improved overall code robustness

Type of CHARACTERISTIC_TWO_*_OID members changed from String to ObjectID

Bug removed, where CHARACTERISTIC_TWO_GN_BASIS_OID was passed as String to the encoding routine and not as ObjectID

Improved ECDSA verify performance

Bugfix in reduction routine of prime Field Fp521 in addon

ECKeyFactory can now deal with java.security.spec.EC*KeySpec

ECParameterSpec.getParameterSpec(params) no longer loses the OID, if params is instance of IAIK ECParameterSpec

Overall performance improvements (up to 20%) due to simplified handling of precomputations.

Added comprehensive parameter checks.

The addon is now loaded automatically, if the file iaik_eccelerate_addon.jar is located in the same directory as iaik_eccelerate.jar.

ECKeyFactory can now deal with all kinds of encoded EC keys.

Fixed missing precomputations.

Fixed missing precomputations.

Renamed package to iaik.security.ec.common.math.curve

Added more algorithm aliases.

Fixed bug that prevented ECParameterSpec.decode(ASN1Object) from decoding OIDs.

Previously, SecurityStrength only recognized SPI-based SecureRandoms.

Renamed class to ECCelerate.

Renamed class to ECCelerateProvider.

Renamed class to ECCelerateProvider.

First release of the new IAIK ECCelerate crypto library