D. J. Bernstein

Authenticators and signatures

nistp224
# The nistp224 program interface

## Compressed point multiplication

The `nistp224` program reads 56 bytes:
a 28-byte integer *e* and a 28-byte compressed point *x*.
Normally *x* is a compressed point
on the NIST P-224 elliptic curve;
the `nistp224` program
prints another compressed point on the curve,
namely the *e*th multiple of *x* on the curve,
and exits 0.
If *x* is not a compressed point on the curve,
or if *e* is exactly the order of the curve,
`nistp224` exits 100 without printing anything.
If `nistp224` encounters I/O errors, it exits 111.

The integer format and compressed point format
used by the `nistp224` program
are the same as the formats used by the
`nistp224` library routine.

## Compressed Diffie-Hellman

`nistp224` can be used for compressed Diffie-Hellman key exchange
on the NIST P-224 elliptic curve,
with 28-byte public keys.
To generate a public key:
Generate a secret key, consisting of 28 secret random bytes.
Feed those bytes, followed by 28 newlines,
into `nistp224`.
The output is your 28-byte public key.

To compute a shared secret:
Feed your secret key, followed by someone else's 28-byte public key,
into `nistp224`.
The output is your shared secret.

## Uncompressed point multiplication

The `nistp224-56` program reads 84 bytes:
a 28-byte integer *e* and a 56-byte point (*x*,*y*).
Normally (*x*,*y*) is a point
on the NIST P-224 elliptic curve;
the `nistp224-56` program
prints another point on the curve,
namely the *e*th multiple of (*x*,*y*) on the curve,
and exits 0.
If (*x*,*y*) is not a point on the curve,
or if *e* is exactly the order of the curve,
`nistp224-56` exits 100 without printing anything.
If `nistp224-56` encounters I/O errors, it exits 111.

The integer format and point format
used by the `nistp224-56` program
are the same as the formats used by the
`nistp224_56` library routine.

## Uncompressed Diffie-Hellman

`nistp224-56` can be used for uncompressed Diffie-Hellman key exchange
on the NIST P-224 elliptic curve,
with 56-byte public keys.
To generate a public key:
Generate a secret key, consisting of 28 secret random bytes.
Feed those bytes,
followed by the 56-byte standard base point,
into `nistp224-56`.
The output is your 56-byte public key.

To compute a shared secret:
Feed your secret key, followed by someone else's 56-byte public key,
into `nistp224`.
The output is your shared secret.