RFC Errata
RFC 5639, "Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation", March 2010
Source of RFC: INDEPENDENTSee Also: RFC 5639 w/ inline errata
Errata ID: 2082
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2010-03-21
Verifier Name: Nevil Brownlee
Date Verified: 2013-03-16
Section A.2, pg. 25 says:
| 1. Set h = find_integer_2(s). | | 2. Convert h to an integer A. 3. If -3 = A*Z^4 mod p is not solvable, then set s = update_seed(s) and go to Step 1. 4. Compute one solution Z of -3 = A*Z^4 mod p. 5. Set s = update_seed(s). 6. Set B = find_integer_2(s). 7. If B is a square mod p, then set s = update_seed(s) and go to Step 6. 8. If 4*A^3 + 27*B^2 = 0 mod p, then set s = update_seed(s) and go to Step 1. 9. Check that the elliptic curve E over GF(p) given by y^2 = x^3 + A*x + B fulfills all security and functional requirements given in Section 3. If not, then set s = update_seed(s) and go to Step 1. 10. Set s = update_seed(s). 11. Set k = find_integer_2(s). 12. Determine the points Q and -Q having the smallest x-coordinate in E(GF(p)). Randomly select one of them as point P.
It should say:
| 1. Set A = find_integer_2(s). | 2. If -3 = A*Z^4 mod p is not solvable, then set s = update_seed(s) and go to Step 1. 3. Compute one solution Z of -3 = A*Z^4 mod p. 4. Set s = update_seed(s). 5. Set B = find_integer_2(s). 6. If B is a square mod p, then set s = update_seed(s) and go to Step 5. 7. If 4*A^3 + 27*B^2 = 0 mod p, then set s = update_seed(s) and go to Step 1. 8. Check that the elliptic curve E over GF(p) given by y^2 = x^3 + A*x + B fulfills all security and functional requirements given in Section 3. If not, then set s = update_seed(s) and go to Step 1. 9. Set s = update_seed(s). 10. Set k = find_integer_2(s). 11. Determine the points Q and -Q having the smallest x-coordinate in E(GF(p)). Randomly select one of them as point P.
Notes:
Rationale:
According to the first part of A.2, the routine find_integer_2()
returns an integer value (see also original step 6.).
Thus, step 2 should be deleted, and 'h' is not needed.
Note that merely renumbered steps are not taagged with
a change bar above.
Updated 2013-06-06. Thanks to Edward Huff for the correction.