I\'m trying to incorporate ECC into an iPhone app that is being used for secure communications but I\'m having a hard time finding a proper library / tutorial on how to do t
This isn't the answer you were asking for. But, my paranoia compels me to suggest that you take the time to really understand the nuts and bolts of your ECC implementation. Consider this publication on the NSA back door.
If you take nothing more than this from the article, note that: "RSA Security publicly renounced Dual_EC_DRBG".
I reviewed the list of vendors that had validated various DRBG algorithms. It appears as though Apple directly validated CRT_DRBG for most platforms and OSs. In the clear right? Not necessarily. If you look closer, there appears to be vendors that had validated Dual EC DRBG whose technology may have been built into Apple products. How and where it's used? I wasn't able to determine this.
For example: scroll down to validation number 309. I'm not sure if I'm reading correctly. But my take is Cummings is (or intended to be) the OEM vendor for Apple mobile devices distributed with an ARM A8 core and iOS 5.0. They validated their cryptographic communications module which included dual EC DRBG. When is it used? All I know is it says it is both "enabled and not enabled". When?! No idea. Note that there are several other flavors of DRBG that are both "enabled and not enabled". This can only decrease the probability of use.
It seems the bottom line is:
dual EC DRBG may be used in a the cryptographic functions that use SHA on the qualifying platforms in an unknown number of scenarios.
we'll have to wait for the resolve of the investigation to be sure
it's back door that the authorities suspect.
Have a nice day. :)
P.S. I couldn't help but be concerned with OpenSSL. I found this post that sheds some light on the unknowns regarding how to clarify whether OpenSSL is using the black listed random number generator.