[cryptography] regarding the NSA crypto "breakthrough"

Tony Arcieri bascule at gmail.com
Fri Sep 6 16:21:21 EDT 2013

On Fri, Sep 6, 2013 at 11:47 AM, James A. Donald <jamesd at echeque.com> wrote:

> Time to generate and select new elliptic curves by an open process,
> wherein any large random quantities are chosen by a non secret process,
> such as searching for the appropriate value nearest a round number.

There are curves not selected by e.g. NIST with a published rationale for
their selection, like Curve25519. Is there any reason why such curves can't
be evaluated retroactively?


See in particular Theorem 2.1.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130906/1b61c822/attachment-0001.html>

More information about the cryptography mailing list