

Found 4 records.
Errata ID: 2082
Status: Verified
Type: Technical
Reported By: Alfred Hoenes
Date Reported: 20100321
Verifier Name: Nevil Brownlee
Date Verified: 20130316
Section A.2, pg. 25 says:
 1. Set h = find_integer_2(s).   2. Convert h to an integer A. 3. If 3 = A*Z^4 mod p is not solvable, then set s = update_seed(s) and go to Step 1. 4. Compute one solution Z of 3 = A*Z^4 mod p. 5. Set s = update_seed(s). 6. Set B = find_integer_2(s). 7. If B is a square mod p, then set s = update_seed(s) and go to Step 6. 8. If 4*A^3 + 27*B^2 = 0 mod p, then set s = update_seed(s) and go to Step 1. 9. Check that the elliptic curve E over GF(p) given by y^2 = x^3 + A*x + B fulfills all security and functional requirements given in Section 3. If not, then set s = update_seed(s) and go to Step 1. 10. Set s = update_seed(s). 11. Set k = find_integer_2(s). 12. Determine the points Q and Q having the smallest xcoordinate in E(GF(p)). Randomly select one of them as point P.
It should say:
 1. Set A = find_integer_2(s).  2. If 3 = A*Z^4 mod p is not solvable, then set s = update_seed(s) and go to Step 1. 3. Compute one solution Z of 3 = A*Z^4 mod p. 4. Set s = update_seed(s). 5. Set B = find_integer_2(s). 6. If B is a square mod p, then set s = update_seed(s) and go to Step 5. 7. If 4*A^3 + 27*B^2 = 0 mod p, then set s = update_seed(s) and go to Step 1. 8. Check that the elliptic curve E over GF(p) given by y^2 = x^3 + A*x + B fulfills all security and functional requirements given in Section 3. If not, then set s = update_seed(s) and go to Step 1. 9. Set s = update_seed(s). 10. Set k = find_integer_2(s). 11. Determine the points Q and Q having the smallest xcoordinate in E(GF(p)). Randomly select one of them as point P.
Notes:
Rationale:
According to the first part of A.2, the routine find_integer_2()
returns an integer value (see also original step 6.).
Thus, step 2 should be deleted, and 'h' is not needed.
Note that merely renumbered steps are not taagged with
a change bar above.
Updated 20130606. Thanks to Edward Huff for the correction.
Errata ID: 2071
Status: Verified
Type: Editorial
Reported By: Johannes Merkle
Date Reported: 20100310
Verifier Name: Nevil Brownlee
Date Verified: 20130320
Section A.1 says:
p_320 = 1763593322239166354161909842446019520889512772719515192772 9604152886408688021498180955014999035278
It should say:
p_320 = 1763593322239166354161909842446019520889512772719515192772 960415288640868802149818095501499903527
Errata ID: 2083
Status: Verified
Type: Editorial
Reported By: Alfred Hoenes
Date Reported: 20100321
Verifier Name: Nevil Brownlee
Date Verified: 20130316
Section 1.1,1st para says:
This RFC specifies elliptic curve domain parameters over prime fields GF(p) with p having a length of 160, 192, 224, 256, 320, 384, and 512 bits. These parameters were generated in a pseudorandom, yet completely systematic and reproducible, way and have been verified to resist current cryptanalytic approaches. The parameters are compliant with ANSI X9.62 [ANSI1] and ANSI X9.63 [ANSI2], ISO/IEC 14888 [ISO1] and ISO/IEC 15946 [ISO2], ETSI TS 102 1761 [ETSI], as  well as with FIPS1862 [FIPS], and the Efficient Cryptography Group (SECG) specifications ([SEC1] and [SEC2]).
It should say:
This RFC specifies elliptic curve domain parameters over prime fields GF(p) with p having a length of 160, 192, 224, 256, 320, 384, and 512 bits. These parameters were generated in a pseudorandom, yet completely systematic and reproducible, way and have been verified to resist current cryptanalytic approaches. The parameters are compliant with ANSI X9.62 [ANSI1] and ANSI X9.63 [ANSI2], ISO/IEC 14888 [ISO1] and ISO/IEC 15946 [ISO2], ETSI TS 102 1761 [ETSI], as  well as with FIPS1862 [FIPS], and the Standards for Efficient Cryptography Group (SECG) specifications ([SEC1] and [SEC2]).
Notes:
Rationale: incomplete expansion of acronym.
Additional note:
In Section 7.2, two of the references quoted here should perhaps
better point to the current versions of the documents:
[SEC1] "SEC1: Elliptic Curve Cryptography",
Version 2.0, May 2009.
[FIPS] NIST, "Digital Signature Standard (DSS)",
FIPS PUB 1863, November 2008.
Errata ID: 2084
Status: Verified
Type: Editorial
Reported By: Alfred Hoenes
Date Reported: 20100321
Verifier Name: Nevil Brownlee
Date Verified: 20130316
Section 2.,1st para says:
Throughout this memo, let p > 3 be a prime and GF(p) a finite field  (sometimes also referred to as Galois Field or GF(p)) with p elements. [...]
It should say:
Throughout this memo, let p > 3 be a prime and GF(p) a finite field  (sometimes also referred to as Galois Field or F_p) with p elements. [...] or perhaps more precisely: Throughout this memo, let p > 3 be a prime and GF(p) a finite field  (Galois Field) with p elements (sometimes also referred to as F_p). [...]
Notes:
Rationale:
... GF(p) ... sometimes also referred to as ... GF(p) ...
does no make sense.
The original version from the draft did make sense  mentioning
_another_ common notion, "F_p".