Any point of order r can serve as the base point. Each curve is supplied with a sample base point G = (Gx, Gy). Users may want to generate their own base points to ensure cryptographic separation of networks.
2. Curves over Prime Fields
For each prime p, a pseudo-random curve
E: y2 ≡ x3 - 3x + b (mod p)
of prime order r is listed[1]. (Thus, for these curves, the cofactor is always f = 1.)
The following parameters are given:
- The prime modulus p
- The order r
- the 160-bit input seed s to SHA-1 based algorithm
- The output c of the SHA-1 based algorithm
- The coefficient b (satisfying b2 c ≡ -27 (mod p))
- The base point x coordinate Gx
- The base point y coordinate Gy
The integers p and r are given in decimal form; bit strings and field elements are given in hex.
_______________________
- ↑ The selection a = -3 for the coefficient of x was made for reasons of efficiency; see IEEE P1363.
28
