[cryptography] NIST should publish Suite A

James A. Donald jamesd at echeque.com
Sun Nov 10 15:04:42 EST 2013

On 2013-11-10 22:24, ianG wrote:
> The best I've seen so far is as found on this site
> http://safecurves.cr.yp.to/ which seems to say (my reading only) that
> the prior standards work on curves is suspect, but we can do a good job
> ourselves if we recalculate to best of ability (us meaning not me).
> But we really don't know.  Meanwhile, as a side pointer as to how far
> the 'defaults' trap has taken us, here's another pointer [0]:

That the curves NIST wants us to use are not very efficient would 
suggest that they cannot break just any curve, only some special curves. 
  If they could break any curve, would have recommended some
more efficient curves.

The mathematics of elliptic curves makes it unlikely that there is any 
general solution to the discrete log problem.

It also makes it likely that there are lots of classes of special curves 
that do have fast solutions to the discrete log problem.

More information about the cryptography mailing list