[Cryptography] IETF discussion on new ECC curves.
=JeffH
Jeff.Hodges at KingsMountain.com
Fri Aug 8 18:41:05 EDT 2014
John Kelsey wondered..
>
> Does it make sense to have a small set of curves that everyone uses? Or
> would it be better to have every application or even every user generate
> their own curve, using some process that would convince skeptics that the
> curves had been generated randomly?
These questions appear to be aspects of an overall curve-selection property
DJB & Lange term "rigidity"..
SaveCurves: Curves: choosing safe curves for elliptic-curve cryptography
"Rigidity"
http://safecurves.cr.yp.to/rigid.html
It appears that the SafeCurves introduction <http://safecurves.cr.yp.to/>
argues that the answer to your questions are nominally 'yes' and 'no'
respectively, and appear to be proposing 11 specific curves (by my count of
curves meeting all requirements as listed in the last table on the
SafeCurves introducion page).
Others may offer (somewhat) different answers, e.g. Microsoft Ressearch..
Selecting Elliptic Curves for Cryptography:
An E
ciency and Security Analysis
[ Microsoft's 'NUMS Curves' proposal. Bos, Costello, Longa, Naehrig]
http://eprint.iacr.org/2014/130.pdf
..who are proposing 13 curves.
Another wrinkle is "target security level". Safecurves does not appear to
attempt to group their curves according to bit-equivalent security levels,
but Microsoft's 'NUMS Curves' proposal does.
See also the slides from the CFRG meeting at IETF-90 Toronto (a couple weeks
ago now) which featured presos on the above by their authors/proponents..
https://datatracker.ietf.org/meeting/90/materials.html#cfrg
HTH,
=JeffH
More information about the cryptography
mailing list