Negative parameter in c'tor of EllipticCurve

Michael StJohns mstjohns at comcast.net
Tue Jan 5 16:28:04 UTC 2016


I believe you need to take  "a mod p" to get the correct value.   If you 
google for one of the other values in the table, you can find 
implementations that pre-reduce this and have a value for a that is 3 
less than p.

BTW - this is generally not the place to ask non-JDK questions.

Mike




On 1/5/2016 8:19 AM, Yasumasa Suenaga wrote:
> Hi all,
>
> I encountered IllegalArgumentException when I generate EC key pair as below.
>
> reproducer:
> -----------------
> import java.math.*;
> import java.security.*;
> import java.security.spec.*;
> import java.security.interfaces.*;
>
>
> public class ECKeyGen{
>
>    public static BigInteger P =
>               new BigInteger("900812823637587646514106462588455890498729007071");
>
>    public static BigInteger A = new BigInteger("-3");
>
>    public static BigInteger B =
>               new BigInteger("366394034647231750324370400222002566844354703832");
>
>    public static BigInteger Gx =
>               new BigInteger("264865613959729647018113670854605162895977008838");
>
>    public static BigInteger Gy =
>                new BigInteger("51841075954883162510413392745168936296187808697");
>
>    public static BigInteger R =
>               new BigInteger("900812823637587646514106555566573588779770753047");
>
>    public static void main(String[] args) throws Exception{
>      EllipticCurve curve = new EllipticCurve(new ECFieldFp(P), A, B);
>      ECParameterSpec spec =
>                        new ECParameterSpec(curve, new ECPoint(Gx, Gy), R, 1);
>
>      KeyPairGenerator keygen = KeyPairGenerator.getInstance("EC");
>      KeyPair keypair = keygen.generateKeyPair();
>
>      ECPrivateKey privateKey = (ECPrivateKey)keypair.getPrivate();
>      ECPoint publicKey = ((ECPublicKey)keypair.getPublic()).getW();
>      System.out.println("Private Key: " + privateKey.getS().toString(16));
>      System.out.println("Public Key:");
>      System.out.println("  x: " + publicKey.getAffineX().toString(16));
>      System.out.println("  y: " + publicKey.getAffineY().toString(16));
>    }
>
> }
>
> -----------------
>
> console:
> -----------------
> $ /usr/local/jdk1.8.0_66/bin/java ECKeyGen
> Exception in thread "main" java.lang.IllegalArgumentException: first coefficient is negative
>          at java.security.spec.EllipticCurve.checkValidity(EllipticCurve.java:59)
>          at java.security.spec.EllipticCurve.<init>(EllipticCurve.java:112)
>          at java.security.spec.EllipticCurve.<init>(EllipticCurve.java:83)
>          at ECKeyGen.main(ECKeyGen.java:27)
> -----------------
>
> I checked this exception with both 8u66 and 9.
> Cause of this is the "a" parameter is negative value.
> However, these parameters are based on [1] .
>
> I'm not sure about the EC.
> However, [1] shows negative parameter, and C code which uses OpenSSL
> does not occur error with same parameters.
>
> If JDK implementation is incorrect, I will file it to JBS and create
> a webrev to avoid the check for negative value.
>
> Could you help?
>
>
> Thanks,
>
> Yasumasa
>
>
> [1] Advanced Access Content System (AACS)
>       Introduction and Common Cryptographic Elements
>        Table 2-1 - ECC Parameters
>      http://www.aacsla.com/specifications/AACS_Spec_Common_Final_0953.pdf
>
>




More information about the security-dev mailing list