[Cryptography] [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

[dj at deadhat.com]

> On Tue, May 12, 2015 at 1:56 AM, Thierry Moreau <
> thierry.moreau at connotech.com> wrote:
>
>> With ECC, I have less confidence in NIST ability to leverage the
>> cryptographic community contributions.
>
>
> One hopes they will recommend the same elliptic curve standards that the
> IRTF's CFRG is standardizing for use in e.g. TLS.
>
> Given that, so far, the CFRG has standardized curves developed by djb and
> Mike Hamburg, at least to me they feel free of NSA influence.
>
> We'll see what NIST actually ends up doing. Standardizing the CFRG curves
> seems like a great way they could help promote interoperability and
> rebuild
> their reputation.
>

The DJB curves are finding traction elsewhere and will be adopted by other
standards bodies that I am involved in (because in part, I'm pushing for
them). The efficiency, simplicity of implementation and acceptance by the
crypto community of these algorithms make for strong arguments in
standards contexts.

NIST's primary problem with ECC are the NIST curves. If they can bring
themselves to move on to curves with better provenance, then progress can
be made with NIST. Otherwise the NIST curves will become obsolete and
superseded by other standards bodies.

There is also the Lightweight Crypto Workshop at NIST. This heavily
overlaps with the ECC thing, because the right options for ECC curves are
also the right options for lightweight crypto.

I'm attending the lightweight Crypto Workshop, but not the ECC Workshop. I
don't have bandwidth for both.

I spoke with Lily Chen of NIST last week (at SC27) about the
Lighweight/ECC overlap and the need for them to move to better curves.
They know what I think.