[curves] The great debate over point formats (Mike Hamburg)
rransom.8774 at gmail.com
Sat Feb 1 23:29:11 PST 2014
On 2/1/14, Watson Ladd <watsonbladd at gmail.com> wrote:
> I don't know that isogeny to a short Weierstrass curve actually solves
> anything, unless we transmit the points in that manner.
> But then a lot of the security gains vanish: we need to validate
> points, formulas get slow, etc.
* Using a curve specified in short-Weierstrass form, and transmitting
points in short-Weierstrass form, makes updating an existing NSA-curve
DH or DSA implementation to start using the new curve nearly trivial.
* After an implementation has been modified to use the new curve, it
can later be patched to use the isomorphic and/or isogenous curves
with faster/safer formulas, with most of the benefits. The only
security issues compared to e.g. Curve25519 would be the possibility
of undefined cases in the isomorphism/isogeny formulas.
More information about the Curves