cover   Guide to
Elliptic Curve Cryptography

Darrel Hankerson, Alfred Menezes, and Scott Vanstone

Errata

The Guide was published in 2004. The notes listed below apply to all printings as of March 2005.

Page 56, Algorithm 2.44, Line 4. Replace "T !! 23" with "T << 23".
Page 56, Algorithm 2.54, Line 4. Replace "0x7FFFFFFF" with "0x07FFFFFF".
(Reported on Aug 28, 2008 by M. Campagna.)
Page 94, Line 4: The negative of a point in LD coordinates should be (X : XZ+Y : Z).
(Reported on March 6, 2005 by B. Poettering.)
Page 102. Section 3.3 has an explicit assumption that the multiplier k in kP satisfies k < n. However, the material on Montgomery's method has an implicit assumption that k < n-1 (otherwise, the last iteration produces the point at infinity). In Algorithm 3.40, list "k < n-1" explicitly as an input requirement.
(Reported on Sep 6, 2004 by B. Poettering.)
Page 105, Algorithm 3.42. Precomputation step 1 should terminate at ceil((t+1)/w)-1. Step 4 should end with "of length w".
(Reported on Sep 6, 2004 by B. Poettering.)
Page 106, Algorithm 3.45. Clarification: since "each Kj is a bit string of length d", the understanding is that Kjd= 0.
(Reported on Sep 2, 2004 by B. Poettering.)
Page 127. Clarification: steps 1-3 of Algorithm 3.74 do not depend on k and hence are "per curve" precomputations. In step 1, strike "and" in "reminders ri and". Step 4 erroneously assumes that a1b2 - b1a2 gives n when in fact this value could be -n. Insert a new step between steps 3 and 4: If b2 < 0 then interchange v1 and v2.
(Reported on March 1, 2005 by B. Poettering.)
Page 167: "Failure of index-calculus attacks on the ECLDP" should have "ECDLP".
(Reported on Sep 6, 2004 by B. Poettering.)
Page 197. Add a period for the last sentence of the first paragraph.
Page 300. Reference [414] should list pages 366-380 (rather than 366-280).
Guide to Elliptic Curve Cryptography / g2ecc@dms.auburn.edu / Illustration by Helen D'Souza / Last updated on March 3, 2005