[Cryptography] Seed values for NIST curves

Tony Arcieri bascule at gmail.com
Mon Sep 9 18:46:42 EDT 2013

On Mon, Sep 9, 2013 at 10:37 AM, Nemo <nemo at self-evident.org> wrote:

> The approach appears to be an attempt at a "nothing up my sleeve"
> construction. Appendix A says how to start with a seed value and use SHA-1
> as a psuedo-random generator to produce candidate curves until a suitable
> one is found.

The question is... suitable for what? djb argues it could be used to find a
particularly weak curve, depending on what your goals are:


(originally from http://www.hyperelliptic.org/tanja/vortraege/20130531.pdf)

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130909/fec13ab9/attachment.html>

More information about the cryptography mailing list