[Cryptography] NIST Workshop on Elliptic Curve Cryptography Standards
Tony Arcieri
bascule at gmail.com
Fri May 15 03:38:26 EDT 2015
On Fri, May 15, 2015 at 7:43 AM, Ryan Carboni <ryacko at gmail.com> wrote:
> But my awareness of ECC issues is that the constants are suspicious
> according to this web page: http://safecurves.cr.yp.to/rigid.html
>
See also:
http://safecurves.cr.yp.to/bada55.html
This is a demonstration of how even though a "verifiably random" process
(used by the NIST, Brainpool, and the GOST curves) is used, it's possible
to tamper with curve parameters.
BADA55's tampering was not malicious (and in fact they are "safe curves"
per safecurves.cr.yp.to), but the possibility to tamper with curve
parameters exists in any curves generated this way.
This is why "nothing up my sleeve" curve constants generated through a
rigid process are important (per your link).
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150515/bf754af0/attachment.html>
More information about the cryptography
mailing list