RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 7748, "Elliptic Curves for Security", January 2016

Source of RFC: IRTF

Errata ID: 5651
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Pierre Laurent
Date Reported: 2019-03-11
Rejected by: Stanislav Smyshlyaev
Date Rejected: 2020-12-15

Section 5 says:

z_2 = E * (AA + a24 * E)

It should say:

z_2 = E * (BB + a24 * E)


When BB is used, the point multiplication of the second test vector

P = (0x13a415c749d54cfc3e3cc06f10e7db312cae38059d95b7f4d3116878120f21e5, 0x1)

by scalar k

gives the expected point
[k]P = (0x5779ac7a64f7f8e652a19f79685a598bf873b8b45ce4ad7a7d90e87694decb95, 0x1)

The implementation based on AA gives the unexpected point
[k]P = (0x3884d5c22af664f822cb3dd728b03c9fac1e1d78c772a74f05546566bd7bed9c, 1)
It is proposed to modify the algorithm description for calculation of z_2. However, after checking the original algorithm independently, it was confirmed that the expected numbers are obtained. Therefore, the existing text of RFC does not have any errors here.

Report New Errata