I spent the last month reading NIST SP 800-56A Rev. 3 and writing a pure Rust ECMQV key exchange crate.

Features:

• Curves: Curve25519, secp256k1, secp256r1 (feature-gated)
• no_std + alloc
• Async optional (tokio tested)
• #![forbid(unsafe_code)]
• Zeroize on drop

Benchmark (Curve25519):

• Keygen: ~12.7 µs
• Ephemeral-only: ~200 µs
• Ephemeral-static: ~367 µs

What I'm least sure about:
The associate_value implementation for secp256k1/secp256r1. Formula is Ȳ = (x mod 2^L) + 2^L with L = ceil(field_bits/2). I used U256 wrapping arithmetic, but I'd appreciate someone checking if the modulo reduction is correct.

Links:
Repo: GitHub - cexpepe/ecmqv-rs · GitHub
crates.io: crates.io: Rust Package Registry
docs.rs: ecmqv_rs - Rust

Looking for review, feedback, and potential users.

1 post - 1 participant

Read full topic