[Cryptography] [FORGED] Re: Why is ECC secure?

Tony Arcieri bascule at gmail.com
Mon Jun 1 18:40:28 EDT 2015


On Mon, Jun 1, 2015 at 11:54 AM, CodesInChaos <codesinchaos at gmail.com>
wrote:

> One of DJB's 64-bit asm implementations of Curve25519/Ed25519
> contained a carry bug. I'm pretty sure that this bug allows key
> recovery when using a long term DH key.
>
> As far as I can tell, nobody actually used this implementation. But it
> shows that even with a nice Montgomery curve you can get a
> hard-to-detect bug that allows key recovery.
>

OK, I stand corrected.

-- 
Tony Arcieri