RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 7748, "Elliptic Curves for Security", January 2016

Source of RFC: IRTF

Errata ID: 7879
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Nawras Hussein Sabbry
Date Reported: 2024-04-02

Section 5 says:

z_2 = E * (AA + a24 * E)

It should say:

z_2 = E * (BB + a24 * E)


In the for loop on page 8, the variable AA should be replaced with BB in Z_2. This modification is necessary because the mathematical formula for point doubling on the Montgomery curve according to (https://en.wikipedia.org/wiki/Montgomery_curve#Montgomery_arithmetic) indicates that Z2n (equivalent to Z_2 in this case) is calculated as follows: Z2n = 4XnZn((Xn-Zn)^2 + ((A+2)/4)(4XnZn)). It is observed in this equation that the operation in the (Xn-Zn)^2 part involves subtraction similar to the variable B, while the operation in the variable A involves addition. Considering this discrepancy, it is suggested to substitute AA with BB for correctness.

Report New Errata

Advanced Search