[cryptography] What's the point of using non-NIST ECC Curves?

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Mon Oct 13 12:25:19 EDT 2014

On 10/13/2014 04:51 PM, Derek Miller wrote:
> Like many people, I consider the seed values used to generate the NIST
> Prime curves suspicious.
> However, considering one of the scenarios where these curves might be
> compromised (the NSA knew of weaknesses in certain curves, and engineered
> the NIST Prime curves to be subject to those weaknesses), does it even make
> sense to use ECC at all?
> If the NIST curves are weak in a way that we don't understand, this means
> that ECC has properties that we don't understand.
> Thus, if you don't trust the NIST Prime curves, does it make sense to trust
> any ECC curves at all?

In addition to the technical replies, I hope I don't annoy people by
pointing out an obvious benefit of avoiding NIST ECC curves: To punish
the NSA and anybody who collaborates with them for the harm they put on
the world.  Isolating them and putting pressure on groups breaking the
isolation strategy is one of the most effective measures we have as a
community to retaliate and protect us from further harm.

You can also see it as an implementation of the most basic game
strategy: tit for tat, or, in other words: trust until trust is broken,
then don't trust.
