----- Forwarded message from Tony Arcieri <bascule@gmail.com> -----

Date: Fri, 6 Sep 2013 13:21:21 -0700
From: Tony Arcieri <bascule@gmail.com>
To: jamesd@echeque.com
Cc: Randombit List <cryptography@randombit.net>
Subject: Re: [cryptography] regarding the NSA crypto "breakthrough"

On Fri, Sep 6, 2013 at 11:47 AM, James A. Donald <jamesd@echeque.com> wrote:
> Time to generate and select new elliptic curves by an open process, wherein any large random quantities are chosen by a non secret process, such as searching for the appropriate value nearest a round number.

There are curves not selected by e.g. NIST with a published rationale for their selection, like Curve25519. Is there any reason why such curves can't be evaluated retroactively?

http://cr.yp.to/ecdh/curve25519-20060209.pdf

See in particular Theorem 2.1.

--
Tony Arcieri
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5