On 30 September 2013 23:35, John Kelsey <crypto....@gmail.com> wrote:
> If there is a weak curve class of greater than about 2^{80} that NSA knew > about 15 years ago and were sure nobody were ever going to find that weak > curve class and exploit it to break classified communications protected by > it, then they could have generated 2^{80} or so seeds to hit that weak > curve class. > If the NSA's attack involves generating some sort of collision between a curve and something else over a 160-bit space, they wouldn't have to be worried that someone else would find and attack that "weak curve class" with less than 2^160 work.
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography