[Cryptography] real world binary ecc
James Muir
muir.james.a at gmail.com
Fri Nov 13 12:08:57 EST 2020
On 2020-11-12 1:12 a.m., jamesd at echeque.com wrote:
> What you want from an elliptic curve is that it is fast and that it does
> not come from a committee because an NSA agent is always on that
> committee. I recommend libsodium's ristretto255
>
> Why do you want binary fields?
Thanks for your reply.
I'm interested in the question of whether a cryptographic library should
bother to include support for binary curves. The answer to that depends
on what type of library we are talking about.
libsodium isn't a general purpose crypto library. It makes (good)
choices about the underlying crypto for the user.
but suppose you want to create a new TLS library. Should you support
binary curves? or maybe you want to offer a library people could use
when following FIPS 186-4. TLS and FIPS 186-4 do mention binary ecc,
but is it used in practice?
Has anyone seen TLS use binary ecc in real life?
Do any other spec/standards recommend binary ecc?
-James M
More information about the cryptography
mailing list