Is this crypto paper real or fake?

Georgi Guninski guninski at
Tue Sep 22 03:39:43 PDT 2015

On Mon, Sep 21, 2015 at 12:53:08PM -0700, Alice Wonder wrote:
> On 09/21/2015 03:58 AM, Peter Fairbrother wrote:
> >>secp112r1 : SECG/WTLS curve over a 112 bit prime field
> >>secp112r2 : SECG curve over a 112 bit prime field
> >
> >Yes. Pwnable.
> >
> I did not ask the question but thank you for your answer. I was a
> math major back in the early 90s but never really went that way
> career wise, but with the weak DH parameter revelations this topic
> has suddenly become a lot more interesting to me, and clearly I have
> a lot to learn. It is nice to see answers like yours that I can at
> least somewhat comprehend without hours of research.
> And I think that is part of the problem, while all programming
> involves some math, most of us do not have good enough of a grasp of
> cryptography to understand when we are doing something that can be
> broken or circumvented.

(CC'ing cypherpunks at for trolling reasons).

Your argument raises the question about the soundness
of the so called ``theory of many eyes''.

libressl/openssl ship elliptic curves of low quality,
and they can be detected by man documented command.

The low quality of the curves can be checked by going
to wikipedia's page about ECC dlog records.

AFAICT they probably implemented backdoored RFC (don't 
know if they knew it is backdoored).

This raises the question about more obscure features
buried in, say, obscure macros, misleading comments, etc.

No math knowledge required, but the low quality curves are weaker
that the backdoored DSA via generic dlog attack, unless
DSA allows much faster dlog in the small subgroup by 
exploiting the sub-exponential attack of dlog modulo $p$
(or some other attack).

More information about the cypherpunks mailing list