RFC Errata

Errata Search

Source of RFC
Summary Table Full Records

RFC 5639, "Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation", March 2010

Source of RFC: INDEPENDENT

Errata ID: 2082
Status: Verified
Type: Technical

Reported By: Alfred Hoenes
Date Reported: 2010-03-21
Verifier Name: Nevil Brownlee
Date Verified: 2013-03-16

Section A.2, pg. 25 says:

```|  1.  Set h = find_integer_2(s).
|
|  2.  Convert h to an integer A.

3.  If -3 = A*Z^4 mod p is not solvable, then set s = update_seed(s)
and go to Step 1.

4.  Compute one solution Z of -3 = A*Z^4 mod p.

5.  Set s = update_seed(s).

6.  Set B = find_integer_2(s).

7.  If B is a square mod p, then set s = update_seed(s) and go to
Step 6.

8.  If 4*A^3 + 27*B^2 = 0 mod p, then set s = update_seed(s) and go
to Step 1.

9.  Check that the elliptic curve E over GF(p) given by y^2 = x^3 +
A*x + B fulfills all security and functional requirements given
in Section 3.  If not, then set s = update_seed(s) and go to Step
1.

10. Set s = update_seed(s).

11. Set k = find_integer_2(s).

12. Determine the points Q and -Q having the smallest x-coordinate in
E(GF(p)).  Randomly select one of them as point P.

```

It should say:

```|  1.  Set A = find_integer_2(s).
|
2.  If -3 = A*Z^4 mod p is not solvable, then set s = update_seed(s)
and go to Step 1.

3.  Compute one solution Z of -3 = A*Z^4 mod p.

4.  Set s = update_seed(s).

5.  Set B = find_integer_2(s).

6.  If B is a square mod p, then set s = update_seed(s) and go to
Step 5.

7.  If 4*A^3 + 27*B^2 = 0 mod p, then set s = update_seed(s) and go
to Step 1.

8.  Check that the elliptic curve E over GF(p) given by y^2 = x^3 +
A*x + B fulfills all security and functional requirements given
in Section 3.  If not, then set s = update_seed(s) and go to Step
1.

9.  Set s = update_seed(s).

10. Set k = find_integer_2(s).

11. Determine the points Q and -Q having the smallest x-coordinate in
E(GF(p)).  Randomly select one of them as point P.

```

Notes:

Rationale:
According to the first part of A.2, the routine find_integer_2()