[cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

Tony Arcieri bascule at gmail.com
Mon May 11 23:16:22 EDT 2015


On Tue, May 12, 2015 at 11:14 AM, Thierry Moreau <
thierry.moreau at connotech.com> wrote:

> I do not want to push any plot theory without a deep understanding of the
> ECC fundamentals. But recalling that NSA had prior knowledge of
> differential cryptanalysis (versus academia) and prior knowledge of RSA and
> D-H, is there any specific research directions in the ECC field in which
> the NSA could have advance knowledge that would induce them to push ECC
> deployment over factoring-based RSA?


I think it's unlikely that the NSA had advance knowledge of some sort of
class of weak curves / attack in the late '90s and baked that attack into
the NIST curves in such a way that civilian cryptographers are yet to
discover it in 2015.

However, the NIST curves definitely have (unintentional?) security problems
in addition to large mystery constants which do not inspire confidence.
Hence djb and friends / MS / CFRG's desire to have rigid curve generation
guidelines.

Dual EC DRBG smelled much more of a backdoor.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150512/011f6f1a/attachment-0001.html>


More information about the cryptography mailing list