Hi Benjamin,

May I ask what are the sizes of brainpool curves used in practice?

Thanks,
Xuelei

> On Nov 14, 2022, at 12:36 AM, benjamin.marw...@f-i.de wrote:
>
> Hello everyone!
>
> To our surprise, brainpool EC have been deprecated with Java 14+ [1].
> However, JDK-8234924 [1] does not add any information on WHY they would have
> been deprecated.
> In fact, neither NIST (USA) nor BSI (Germany) list them as deprecated.
> On the contrary, both institutions list them as an acceptable cipher.
>
> As a matter of fact, the deprecation notice seems to have originated by bad
> wording.
> Please read this quote from Manfred Lochter, who works at the BSI:
>
>> The unfortunate wording about the brainpool curves originated in TLS 1.3,
>> however RFC 8734 makes the curves usable for TLS again.
>> We will continue to recommend the Brainpool curves.
>> It should also be noted that the arguments for the "modern formulas" have
>> all been refuted by now.
>> Especially the implementation of Curve 25519 requires more effort to protect
>> against SCA;
>> the deterministic signatures are vulnerable to fault injection.
>> In the medium term, however, the switch to post-quantum cryptography is
>> necessary;
>> there are comprehensive recommendations on this at [2]
>
> Now, European banking and health industry still do rely heavily on brainpool
> curves.
> Given all these facts, I hereby request to undo the deprecation of brainpool
> EC in OpenJDK.
>
> Please let me know what led to the assumption that brainpool ciphers were
> deprecated.
> Neither NIST nor BSI seems to be the source. Given all the facts, it should
> still be included.
>
> References:
>
> [1]: https://bugs.openjdk.org/browse/JDK-8234924
> [2]:
> https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/quantentechnologien-und-post-quanten-kryptografie_node.html
>
>
> Kind regards
>
> Benjamin Marwell
>