[cryptography] What's the point of using non-NIST ECC Curves?
stephen.farrell at cs.tcd.ie
Mon Oct 13 11:42:32 EDT 2014
On 13/10/14 15:51, Derek Miller wrote:
> Like many people, I consider the seed values used to generate the NIST
> Prime curves suspicious.
> However, considering one of the scenarios where these curves might be
> compromised (the NSA knew of weaknesses in certain curves, and engineered
> the NIST Prime curves to be subject to those weaknesses), does it even make
> sense to use ECC at all?
> If the NIST curves are weak in a way that we don't understand, this means
> that ECC has properties that we don't understand.
> Thus, if you don't trust the NIST Prime curves, does it make sense to trust
> any ECC curves at all?
There are performance and implementation reasons (easier to
avoid side-channel attacks) claimed for the additional curves
that are being looked at by the IRTF's CFRG (at the request
of the IETF's TLS, if that's not too acronym laden:-) Those
claims seem credible at least, and are also spurring folks to
look again at implementations of the NIST curves.
> I appreciate your responses,