From this blog post: 
http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html 

To quote Matthew Green:

<BEGIN>

By calculating the number of possible curve families, Koblitz and Menezes show 
that a vast proportion of curves (for P-256, around 2^{209} out of 2^{257}) 
would have to be weak in order for the NSA to succeed in this attack. The 
implications of such a large class of vulnerable curves is very bad for the 
field of ECC. It dwarfs every previous known weak curve class and would call 
into question the decision to use ECC at all.

In other words, Koblitz and Menezes are saying that if you accept the weak 
curve hypothesis into your heart, the solution is not to replace the NIST 
elliptic curves 
<https://www.ietf.org/mail-archive/web/cfrg/current/msg06426.html> with 
anything at all, but rather, to leave the building as rapidly as possible and 
perhaps not shut the door on the way out. No joke.

On the gripping hand, this sounds very much like the plan NSA is currently 
implementing. Perhaps we should be worried.

</END>

So, I’m not a cryptographer, but y’all (supposedly) are. Any legitimacy to this?

- Greg

_______________________________________________
Curves mailing list
Curves@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/curves