ANSSI FRP256v1

The French National Cybersecurity Agency (originaly Agence nationale de la sécurité des systèmes d'information), shortly ANSSI, has recommended curve FRP256v1 in the Official Journal of the French Republic [1]. According to the document, the curve has been validated by ANSSI and can be freely integrated into all security products. The document doesn't specify the method of generation or any security conditions this curve satisfies. On the official ANSSI website, there is a short comment claiming that the proposed setting corresponds to a curve generated randomly and selected to satisfy the usual security criteria. It also states the size of the curve follows the rules set out in the Référentiel Général de Sécurité [2], which is the result of joint work between the General Directorate of the modernization of the State (DGME) and the National Information Systems Security Agency (ANSSI) and made official by decree of the Prime Minister. Appendix B1 recommends (RègleECp-2) that after 2020 the order of the prime subgroup should have a size of at least 256 bits (200 bits before 2020). Furthermore, it recommends that the cofactor should be 1 (RecomECp-1). The document also provides a brief justification for these choices due to security.