[Cryptography] NIST Workshop on Elliptic Curve Cryptography Standards
ianG
iang at iang.org
Sat May 16 11:16:33 EDT 2015
On 16/05/2015 03:09 am, Ryan Carboni wrote:
> And AFAIK, the NSA curves (besides Dual_EC_DRBG) have not been proven to
> be backdoored, they've only been proven to be suspicious. How would you
> know that the NSA didn't choose the constants for additional security,
> like the DES s-boxes?

Suspicion is all we've got to work with. 'Proof' doesn't work when the
opponent is a decade or so ahead in the math, and refuses to come to the
court for any particular question to be tried. If this were a court,
we'd be trying questions on "balance of suspicion" not "beyond
reasonable doubt."

Also, the NIST curves are old; we have a decade's worth more knowledge.
That's worth quite a lot. Let's use it.

iang