[curves] BADA55 elliptic curves

Tony Arcieri bascule at gmail.com
Wed May 21 20:42:34 PDT 2014


On Wed, May 21, 2014 at 7:45 PM, Samuel Neves <sneves at dei.uc.pt> wrote:

> While random seeds are an obvious target of bruteforce for someone looking
> for "verifiably random" curves with specific
>  properties, I don't see how the same goal cannot be achieved with "fully
> rigid" curves.


Compare NIST P-256:

y^2 = x^3-3x
+41058363725152142129326129780047268409114441015993725554835256314039467401291
modulo p = 2^256 - 2^224 + 2^192 + 2^96 - 1


With Curve25519:

y^2 = x^3+486662x^2+x
modulo p = 2^255 - 19


Curve25519 definitely has much more of a "nothing up my sleeve" feel about
it.

(via http://safecurves.cr.yp.to/)

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140521/33a407ef/attachment.html>


More information about the Curves mailing list