[cryptography] regarding the NSA crypto "breakthrough"

Tony Arcieri bascule at gmail.com
Fri Sep 6 16:21:21 EDT 2013


On Fri, Sep 6, 2013 at 11:47 AM, James A. Donald <jamesd at echeque.com> wrote:

> Time to generate and select new elliptic curves by an open process,
> wherein any large random quantities are chosen by a non secret process,
> such as searching for the appropriate value nearest a round number.
>

There are curves not selected by e.g. NIST with a published rationale for
their selection, like Curve25519. Is there any reason why such curves can't
be evaluated retroactively?

http://cr.yp.to/ecdh/curve25519-20060209.pdf

See in particular Theorem 2.1.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130906/1b61c822/attachment-0001.html>


More information about the cryptography mailing list