[Cryptography] [FORGED] Re: Why is ECC secure?
Tony Arcieri
bascule at gmail.com
Sun May 31 17:49:49 EDT 2015
On Sun, May 31, 2015 at 2:03 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:
> >Show me one real-world example of a Montgomery ladder-based ECC system
> >leaking a private key because of a usage mistake.
>
> Sure, just give me about ten years or so until we've built up some
> real-world
> experience with it
This is just more FUD. Montgomery curves have been around since 1987, and
Curve25519 has existed for a decade. The problems you're talking about have
to do with completely different things: finite field D-H (i.e. NOT ECDH)
and ECDSA (Weierstrass, and just a crappy design in general).
By a similarly specious argument, I could make the claim that these things
are public key cryptosystems, and RSA is a public key cryptosystem, so
perhaps RSA is going to leak the key too, eh?
I'll leave you with another specious argument I call "appeal to djb":
https://pbs.twimg.com/media/CGWcXcJUIAAH75C.png:large
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150531/67671e05/attachment.html>
More information about the cryptography
mailing list