[Cryptography] Dual_EC_DRBG backdoor: a proof of concept
andrew cooke
andrew at acooke.org
Fri Jan 3 18:34:20 EST 2014
On Fri, Jan 03, 2014 at 11:50:15PM +0100, Krisztián Pintér wrote:
> >> that said, as i heard, dual-ec does not have a security proof. correct
> >> me if i'm wrong.
>
> > It has a security proof *if* the primes are chosen in an honest fashion.
>
> are you sure of that? because i recall that someone said it is a myth,
> it does not have a proof. unlike bbs that indeed has. anyway, i might
> be wrong on that, but that is what i heard.

http://eprint.iacr.org/2006/117

andrew