Hello,

The smallest curves that were ever implemented in Mbed TLS are 192-bit curves. It was before my time so I don't know the rationale, but 160-bit curves were already considered weak at the time, and they were not widely deployed anyway.

Some 192-bit and 224-bit curves are still supported today, although since Mbed TLS 3.0, they are not accepted for certificate verification by default, and we intend to remove them in the next version of the library. (That leaves secp256r1, secp256k1, brainpool-p256r1 and curve25519 as the smallest curve in each supported family.)

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 10/03/2025 12:02, Manish Badarkhe via mbed-tls wrote:

Hi Ankita

MbedTLS does not appear to support Curve-160, with the lowest supported curve being P-192. You can verify this in the Mbed TLS v3.6.2 - ecp.h (Line 55).

This decision was likely made due to security concerns, as elliptic curves with smaller bit sizes (such as 160 bits) are considered vulnerable to modern computational power and cryptographic attacks. A 160-bit key provides relatively weak security, which has led to the recommendation of using stronger curves for robust cryptographic protection. The Mbed TLS team can confirm this reasoning though.

In Trusted Firmware-A (TF-A), we primarily use P-256 by default for its good balance between security and performance. For enhanced security, we opt for P-384 to provide a higher level of protection where needed.

I hope this helps.

Regards,
Manish Badarkhe

From: Ankita Hatmode via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 05 March 2025 12:26
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Cc: Raman Jamloki <raman.jamloki@agiliad.com>
Subject: [mbed-tls] Inquiry about the ECC-160 bit size support in MbedTLS

Hi Team,

I am working on an embedded security project and exploring ECC support in MbedTLS 3.6.2. I would like to confirm whether the MbedTLS supports ECC-160 i.e. Elliptic Curve Cryptography with a 160 bit key size, in the latest version or any earlier versions.

Looking forward to your response.

Thanks and regards,

Ankita Hatmode

-------------------------------------------------------------------------------------------------------------------------
Disclaimer: This email message including any attachments is confidential, and may be privileged and proprietary to Agiliad. If you are not the intended recipient, please notify us immediately by replying to this message and destroy all copies of this message including any attachments. You are NOT authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. Thank you.
------------------------------------------------------------------------------------------------------------------------