Hello Stephan, > Why do we need a second implementation of ECC? Why can't we reuse the existing > ECC implementation in crypto/ecc.c? Or are there limitations in the existing > ECC implementation that cannot be fixed? The implementation of crypto/ecc.c is still relatively crude at present, and the implementation of a complete elliptic curve is still incomplete. In the beginning I did develop based on crypto/ecc.c, but then I couldn't go on. mpi/ec.c is based on the more mature mpi library, and mpi has been well implemented in the kernel. The interface definition and operations have a more mature interface, and this interface is compatible with the kernel. It's also very good, openssl also has a corresponding BIGNUM structure, a complete elliptic curve such as sm2, both encryption and decryption and signature algorithms, and there are many inconveniences based on crypto/ecc.c development. A more powerful The underlying algorithm library to support, mpi from libgcrypt is a good choice. I think that if possible, you can also consider migrating crypto/ecc.c based algorithms to mpi/ec.c in the future, so that mpi/ec.c becomes a basic elliptic curve algorithm. Here are some of my personal views, welcome everyone to discuss, and hope that the maintainers can think about it. Thanks. Tianjia