[cryptography] regarding the NSA crypto "breakthrough"

Eugen Leitl eugen at leitl.org
Fri Sep 6 13:25:32 PDT 2013


----- Forwarded message from Tony Arcieri <bascule at gmail.com> -----

Date: Fri, 6 Sep 2013 13:21:21 -0700
From: Tony Arcieri <bascule at gmail.com>
To: jamesd at echeque.com
Cc: Randombit List <cryptography at randombit.net>
Subject: Re: [cryptography] regarding the NSA crypto "breakthrough"

On Fri, Sep 6, 2013 at 11:47 AM, James A. Donald <jamesd at echeque.com> wrote:

> Time to generate and select new elliptic curves by an open process,
> wherein any large random quantities are chosen by a non secret process,
> such as searching for the appropriate value nearest a round number.
>

There are curves not selected by e.g. NIST with a published rationale for
their selection, like Curve25519. Is there any reason why such curves can't
be evaluated retroactively?

http://cr.yp.to/ecdh/curve25519-20060209.pdf

See in particular Theorem 2.1.

-- 
Tony Arcieri

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
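
Added example, not part of the original messages: a minimal sketch of the kind of retroactive check discussed above, re-deriving one parameter by a public search "nearest a round number". It assumes the parameter under review is the field prime 2^255 - 19 that Curve25519 is named after; the function names are hypothetical, and Miller-Rabin with fixed bases is a probable-prime test, not a proof.

```python
# Added example: reproduce a "nothing up my sleeve" field prime by open search.
# Assumption: the value being checked is Curve25519's field prime, 2**255 - 19.

# Fixed witness bases keep the search deterministic and repeatable by anyone.
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)

def is_probable_prime(n):
    """Trial division by BASES, then Miller-Rabin with the same fixed bases."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    # Write n - 1 as d * 2**s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def nearest_prime_offset(bits, limit=1000):
    """Return the c of smallest |c| with 2**bits + c probably prime.

    Candidates are tried in the fixed order -1, +1, -2, +2, ... so that
    the selection rule leaves no free choice to whoever runs it.
    """
    base = 1 << bits
    for c in range(1, limit):
        for offset in (-c, c):
            if is_probable_prime(base + offset):
                return offset
    return None

if __name__ == "__main__":
    print("nearest prime to 2^255 is 2^255 + (%d)" % nearest_prime_offset(255))
```

This covers only the choice of field prime; checking the curve coefficient against its published rationale also requires counting points on the curve, which this sketch does not do.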


