mdanter / ecc
PHP Elliptic Curve Cryptography library
Installs: 5 150 939
Dependents: 95
Suggesters: 4
Security: 2
Stars: 342
Watchers: 26
Forks: 105
Open Issues: 20
Requires
- php: ^7.0||^8.0
- ext-gmp: *
- fgrosse/phpasn1: ^2.0
Requires (Dev)
- phpunit/phpunit: ^6.0||^8.0||^9.0
- squizlabs/php_codesniffer: ^2.0
- symfony/yaml: ^2.6|^3.0
- dev-master
- 7.3.x-dev
- v1.0.0
- 0.5.x-dev
- v0.5.2
- v0.5.1
- v0.5.0
- 0.4.x-dev
- v0.4.7
- v0.4.6
- v0.4.5
- v0.4.4
- v0.4.3
- v0.4.2
- v0.4.1
- v0.4.0
- 0.3.x-dev
- v0.3.2
- v0.3.1
- v0.3.0
- 0.2.0
- dev-update-testing-versions
- dev-bc-break-cswap-functions
- dev-phpstan
- dev-brainpool
- dev-phpstan-with-bool-cswap
- dev-remove-base-convert-string-type
This package is auto-updated.
Last update: 2024-04-24 19:36:03 UTC
README
Information
This library is a rewrite/update of Matyas Danter's ECC library. All credit goes to him.
For more information on Elliptic Curve Cryptography please read this fine article.
The library supports the following curves:
- secp112r1
- secp256k1
- nistp192
- nistp224
- nistp256 / secp256r1
- nistp384 / secp384r1
- nistp521
During ECDSA, a random value k is required. It is acceptable to use a true RNG to generate this value, but
should the same k value ever be repeatedly used for a key, an attacker can recover that signing key.
The HMAC random generator can derive a deterministic k value from the message hash and private key, voiding
this concern.
The library uses a non-branching Montgomery ladder for scalar multiplication, as it's constant time and avoids secret dependant branches.
License
This package is released under the MIT license.
Requirements
- PHP 7.0+ or PHP 8.0+
- composer
- ext-gmp
Support for older PHP versions:
- v0.4.x: php ^5.6|<7.2
- v0.5.x: php ^7.0
- v1.0.x: php ^7.0|^8.0
Installation
You can install this library via Composer :
composer require mdanter/ecc:^1.0
Contribute
When sending in pull requests, please make sure to run the make command.
The default target runs all PHPUnit and PHPCS tests. All tests must validate for your contribution to be accepted.
It's also always a good idea to check the results of the Scrutinizer analysis for your pull requests.
Usage
Examples: