On Oct 1, 2013, at 12:51 PM, Adam Back wrote:
[Discussing how NSA might have generated weak curves via trying many choices
till they hit a weak-curve class that only they knew how to solve.]
...
> But the more interesting question I was referring to is a trapdoor weakness
> with a weak proof of
On 10/1/13 at 8:47 AM, basc...@gmail.com (Tony Arcieri) wrote:
If e.g. the NSA knew of an entire class of weak curves, they could perform
a brute force search with random looking seeds, continuing until the curve
parameters, after the seed is run through SHA1, fall into the class that's
known to
On Tue, Oct 1, 2013 at 9:51 AM, Adam Back wrote:
> Right but weak parameter arguments are very dangerous - the US national
> infrastructure they're supposed to be protecting could be weakened when
> someone else finds the weakness.
As the fallout from the Snowden debacle has shown (with estimat
On Tue, Oct 01, 2013 at 08:47:49AM -0700, Tony Arcieri wrote:
On Tue, Oct 1, 2013 at 3:08 AM, Adam Back <[1]a...@cypherspace.org>
wrote:
But I do think it is a very interesting and pressing research question
as to whether there are ways to plausibly deniably symmetrically
weaken
On Tue, Oct 1, 2013 at 3:08 AM, Adam Back wrote:
> But I do think it is a very interesting and pressing research question as
> to
> whether there are ways to plausibly deniably symmetrically weaken or even
> trapdoor weaken DL curve parameters, when the seeds are allowed to look
> random as the D