# RFC Errata

#### RFC 6090, "Fundamental Elliptic Curve Cryptography Algorithms", February 2011

Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec

See Also: RFC 6090 w/ inline errata

Errata ID: 3920

**Status: Verified
Type: Technical
Publication Format(s) : TEXT**

Reported By: Watson Ladd

Date Reported: 2014-03-15

Verifier Name: Kathleen Moriarty

Date Verified: 2014-07-01

Section Appendix F says:

Then, the product P3=(X3,Y3,Z3) = P1 * P2 is given by: if P1 is the point at infinity, P3 = P2 else if P2 is the point at infinity, P3 = P1 else if u is not equal to 0 but v is equal to 0, P3 = (0,1,0) else if both u and v are not equal to 0, X3 = v * (Z2 * (Z1 * u^2 - 2 * X1 * v^2) - v^3) Y3 = Z2 * (3 * X1 * u * v^2 - Y1 * v^3 - Z1 * u^3) + u * v^3 Z3 = v^3 * Z1 * Z2 else // P2 equals P1, P3 = P1 * P1 w = 3 * X1^2 + a * Z1^2 X3 = 2 * Y1 * Z1 * (w^2 - 8 * X1 * Y1^2 * Z1) Y3 = 4 * Y1^2 * Z1 * (3 * w * X1 - 2 * Y1^2 * Z1) - w^3 Z3 = 8 * (Y1 * Z1)^3

It should say:

Then, the product P3=(X3,Y3,Z3) = P1 * P2 is given by: if P1 is the point at infinity, P3 = P2 else if P2 is the point at infinity, P3 = P1 else if P1=-P2 as projective points P3 = (0,1,0) else if P1 does not equal P2 X3 = v * (Z2 * (Z1 * u^2 - 2 * X1 * v^2) - v^3) Y3 = Z2 * (3 * X1 * u * v^2 - Y1 * v^3 - Z1 * u^3) + u * v^3 Z3 = v^3 * Z1 * Z2 else // P2 equals P1, P3 = P1 * P1 w = 3 * X1^2 + a * Z1^2 X3 = 2 * Y1 * Z1 * (w^2 - 8 * X1 * Y1^2 * Z1) Y3 = 4 * Y1^2 * Z1 * (3 * w * X1 - 2 * Y1^2 * Z1) - w^3 Z3 = 8 * (Y1 * Z1)^3

Notes:

The original algorithm was wrong and produces incorrect answers. There are several fixes that could take place.