On 10/13/2014 04:51 PM, Derek Miller wrote: > Like many people, I consider the seed values used to generate the NIST > Prime curves suspicious. > However, considering one of the scenarios where these curves might be > compromised (the NSA knew of weaknesses in certain curves, and engineered > the NIST Prime curves to be subject to those weaknesses), does it even make > sense to use ECC at all? > If the NIST curves are weak in a way that we don't understand, this means > that ECC has properties that we don't understand. > Thus, if you don't trust the NIST Prime curves, does it make sense to trust > any ECC curves at all?
In addition to the technical replies, I hope I don't annoy people by pointing out an obvious benefit of avoiding NIST ECC curves: To punish the NSA and anybody who collaborates with them for the harm they put on the world. Isolating them and putting pressure on groups breaking the isolation strategy is one of the most effective measures we have as a community to retaliate and protect us from further harm. You can also see it as an implementation of the most basic game strategy: tit for tat, or, in other words: trust until trust is broken, then don't trust. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
