[Cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

ianG iang at iang.org
Sat May 16 11:16:33 EDT 2015

On 16/05/2015 03:09 am, Ryan Carboni wrote:

> And AFAIK, the NSA curves (besides Dual_EC_DRBG) have not been proven to
> be backdoored, they've only been proven to be suspicious. How would you
> know that the NSA didn't choose the constants for additional security,
> like the DES s-boxes?

Suspicion is all we've got to work with.  'Proof' doesn't work when the 
opponent is a decade or so ahead in the math, and refuses to come to the 
court for any particular question to be tried.  If this were a court, 
we'd be trying questions on "balance of suspicion" not "beyond 
reasonable doubt."

Also, the NIST curves are old; we have a decade's worth more knowledge.
That's worth quite a lot.  Let's use it.


