[Cryptography] Why is ECC secure?

Alexandre Anzala-Yamajako anzalaya at gmail.com
Sat May 30 21:17:17 EDT 2015

2015-05-30 20:08 GMT+02:00 Ryan Carboni <ryacko at gmail.com>:
> There have been attacks as a result of nonce reuse and poorly generated
> nonces for ECC. There may be as of yet unknown attacks against ECC private
> keys that are heavily used but with random nonces.
> No such attacks for public key cryptosystems using prime factorization.

This is simply not true !
To use ECC one needs to share curves and while this is true that
there's suspicion growing about the NIST generated curves because of
the obscure nonces they have used for generation there are today
several several serious alternatives to those NIST curves see
http://safecurves.cr.yp.to/ for example.
It is also true that there might be an unknow class of curves for
which solving DLP is easier but there might also be a class of modulus
for which breaking RSA is trivial.
And as far as picking parameters go, once you agree on a trusworthy
curve (using for example Curve25519) it is much easier to generate
keypairs safely using ECC than it is for RSA : see the work of Nadia
Heninger presented at Crypto 2012 where it is shown that a large
number of device share only one prime factor of their public modulus
which makes it trivial for anyone to break their security

Alexandre Anzala-Yamajako

More information about the cryptography mailing list