[curves] Million Dollar Curve
Krisztián Pintér
pinterkr at gmail.com
Wed Feb 24 14:36:06 PST 2016
Nathaniel McCallum <npmccallum at redhat.com> wrote:
> – a potential weakness because Curve25519 uses a very specific
> prime field.
as well as every other curve on the planet. even nist curves use
special primes.
> applications where speed is paramount, Curve25519 is probably the best
not where it is paramount. this wording suggests that for most
applications, speed is not an issue. the world is very different than
this picture. namely:
* we don't want a whole bunch of curves. we want only a handful,
ideally two, one regular size and one larger. adding more curves is a
disservice.
* speed is pretty much always and issue if one participant is a busy
server.
* we definitely want code simplicity. good curves are designed to have
simple and safe implementations. curve-specific implementations are
always simpler. less potential for errors, less code to audit.
More information about the Curves
mailing list