Implementation of ECC in C

I would like to implement «my own hybrid encryption engine» using the asymmetric elliptic curve cryptography instead of other algorithms as RSA or ElGamal.

Assuming that I want to use curves that provide greater security, which ones should I employ? Based on what I've read I think that probably the 521-bit curve is ideal. Are there more secure schemes?

What are the most secure implemen开发者_开发知识库tations in C/C++ (without using the C++ STL) against, for example, side-channel attacks? I would like to implement it as a «separate» module, so I would appreciate clean source code or good references.

Before even thinking about whether any of the standard curves might not be secure enough, I'd just go and make sure that the encryption mode really is secure against plain old chosen ciphertext attacks. I think the paper by Cramer and Shoup "Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack", 2003 is a good starting point for analyzing hybrid encryption schemes.

As for timing attacks: OpenSSL contains implementations for a small number of selected number of curves that have been implemented so that they run in constant time.