On 01/12/2014 03:26 PM, Krisztián Pintér wrote: > as a side note: for any readers thinking "but this is nitpicking", > besides it is not, there are other, worse problems with NIST curves.
Could you elaborate what you mean by "other, worse problems with NIST curves"? I've tried looking for a rather exhaustive list of what is known so far. The best summary I've found is probably in these slides by the same authors that are behind SafeCurves - http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf, in short: - the points and coefficients used in NIST and SEC2 curves could be possibly "cooked" - (rather huge) timing and error side channels that are already covered at SafeCurves site, the slides go into a bit more detail sometimes Did I miss some other major issue? Thanks, Ondrej _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
