Nathaniel McCallum <npmccal...@redhat.com> wrote: > – a potential weakness because Curve25519 uses a very specific > prime field.
as well as every other curve on the planet. even nist curves use special primes. > applications where speed is paramount, Curve25519 is probably the best not where it is paramount. this wording suggests that for most applications, speed is not an issue. the world is very different than this picture. namely: * we don't want a whole bunch of curves. we want only a handful, ideally two, one regular size and one larger. adding more curves is a disservice. * speed is pretty much always and issue if one participant is a busy server. * we definitely want code simplicity. good curves are designed to have simple and safe implementations. curve-specific implementations are always simpler. less potential for errors, less code to audit. _______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves