[curves] Curves Digest, Vol 5, Issue 1
Paulo S. L. M. Barreto
pbarreto at larc.usp.br
Fri Jan 31 01:59:16 PST 2014
On Thu, 30 Jan 2014 22:45:03 -0800 Robert Ransom wrote:
> A true drop-in replacement for one of the NSA curves would be a
> small-parameter Edwards curve over the same field, satisfying the
> ?SafeCurves? criteria, with a=1 and non-square d, such that:
This is impossible per se. Most NIST fields simply do not satisfy the
SafeCurves criteria (this is pointed out in Mike Hamburg et al's Elligator
paper wrt P-256).
Paulo.
More information about the Curves
mailing list