[cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

Thierry Moreau thierry.moreau at connotech.com
Mon May 11 22:14:46 EDT 2015


On 05/12/15 00:16, ianG wrote:
> On 11/05/2015 17:56 pm, Thierry Moreau wrote:
>> On 05/09/15 11:18, ianG wrote:
>>> Workshop on Elliptic Curve Cryptography Standards
>>> June 11-12, 2015
>>>
>>
>> I doubt the foremost questions will be addressed:
>>
>> To which extent NSA influence motivates NIST in advancing the ECC
>> standards?
>
>
> John Kelsey, chief of something or other at NIST, gave a pretty
> comprehensive talk on the NSA issue for NIST at Real World Crypto in
> Janaury [0].  My take-away is that they are taking it seriously.

Thanks for the reminder. I did read one report by NIST on this subject 
and it was already surprising how self-critical NIST was. The above talk 
goes in the same encouraging direction.

>
>  From memory, there wasn't anything directly spotted for the ECC stuff,
> but there has been this rising tide of demand for new curves ... so
> maybe now is the time.
>
>
>> Can independent academia members present hypothetical mathematical
>> advances (even breakthroughs) that NSA could have made, or could
>> speculatively expect to make, in order for the NSA to provide the US a
>> cryptanalysis advance over the rest of the world (central to NSA
>> mission).
>
>
> If you're saying, can the academics stumble across something that the
> NSA had beforehand, well, of course.  But I'm not sure that's what you
> mean.

Let me try to re-phrase what I meant.

I do not want to push any plot theory without a deep understanding of 
the ECC fundamentals. But recalling that NSA had prior knowledge of 
differential cryptanalysis (versus academia) and prior knowledge of RSA 
and D-H, is there any specific research directions in the ECC field in 
which the NSA could have advance knowledge that would induce them to 
push ECC deployment over factoring-based RSA?

>
> [0]
> http://www.realworldcrypto.com/rwc2015/program-2/RWC-2015-Kelsey-final.pdf?attredirects=0
>

- Thierry



More information about the cryptography mailing list