[Cryptography] Brainpool Curves Found to Be Suspicious
Ryan Carboni
ryacko at gmail.com
Sun Sep 27 17:17:41 EDT 2015
http://bada55.cr.yp.to/brainpool.html
I have nothing to add except a quotation from the above hypertext document.
I am not certain what it proves, but suspicious crypto should be avoided.
The Brainpool standard says that it provides "verifiably pseudo-random"
> curves along with "data that allow to verify that the curves were
> pseudo-randomly generated". However, the BADA55 Research Team has
> discovered that *none of the standard Brainpool curves below 512 bits
> were generated by the standard Brainpool curve-generation procedure.* Apparently
> the public never actually tried to verify the curves. This is an
> inspirational example, suggesting a simple strategy for subverting
> subsequent standards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150927/27553f83/attachment.html>
More information about the cryptography
mailing list