[cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

ianG iang at iang.org
Mon May 11 20:16:42 EDT 2015


On 11/05/2015 17:56 pm, Thierry Moreau wrote:
> On 05/09/15 11:18, ianG wrote:
>> Workshop on Elliptic Curve Cryptography Standards
>> June 11-12, 2015
>>
>> Agenda now available!
>>
>> The National Institute of Standards and Technology (NIST) will host a
>> Workshop on Elliptic Curve Cryptography Standards at NIST headquarters
>> in Gaithersburg, MD on June 11-12, 2015.  The workshop will provide a
>> venue to engage the cryptographic community, including academia,
>> industry, and government users to discuss possible approaches to promote
>> the adoption of secure, interoperable and efficient elliptic curve
>> mechanisms.
>
> I doubt the foremost questions will be addressed:
>
> To which extent NSA influence motivates NIST in advancing the ECC
> standards?


John Kelsey, chief of something or other at NIST, gave a pretty 
comprehensive talk on the NSA issue for NIST at Real World Crypto in 
Janaury [0].  My take-away is that they are taking it seriously.

 From memory, there wasn't anything directly spotted for the ECC stuff, 
but there has been this rising tide of demand for new curves ... so 
maybe now is the time.


> Can independent academia members present hypothetical mathematical
> advances (even breakthroughs) that NSA could have made, or could
> speculatively expect to make, in order for the NSA to provide the US a
> cryptanalysis advance over the rest of the world (central to NSA mission).


If you're saying, can the academics stumble across something that the 
NSA had beforehand, well, of course.  But I'm not sure that's what you mean.

> To which extent the table of key size equivalences (between
> factoring-based cryptosystems and ECC schemes) is biased for a faster
> adoption of ECC (e.g. it makes sense to move to ECC because the
> "equivalent" RSA key sizes are inconvenient)?
>
> NIST has been unquestionably useful for the cryptographic community with
> the AES and ASHA competitions. The outcome of the former is a widely
> deployed improvement over prior symmetric encryption algorithms. The
> outcome of the latter appears less attractive for adoption decisions,
> but the very challenges of an efficient secure hash algorithm seems to
> be the root cause, and not the NIST competition process.
>
> With ECC, I have less confidence in NIST ability to leverage the
> cryptographic community contributions.

Yeah, curves look much harder than hashes and ciphers.  But is there a 
better option?


iang

[0] 
http://www.realworldcrypto.com/rwc2015/program-2/RWC-2015-Kelsey-final.pdf?attredirects=0



More information about the cryptography mailing list