[curves] BADA55 elliptic curves
Tony Arcieri
bascule at gmail.com
Wed May 21 20:42:34 PDT 2014
On Wed, May 21, 2014 at 7:45 PM, Samuel Neves <sneves at dei.uc.pt> wrote:
> While random seeds are an obvious target of bruteforce for someone looking
> for "verifiably random" curves with specific
> properties, I don't see how the same goal cannot be achieved with "fully
> rigid" curves.
Compare NIST P-256:
y^2 = x^3-3x
+41058363725152142129326129780047268409114441015993725554835256314039467401291
modulo p = 2^256 - 2^224 + 2^192 + 2^96 - 1
With Curve25519:
y^2 = x^3+486662x^2+x
modulo p = 2^255 - 19
Curve25519 definitely has much more of a "nothing up my sleeve" feel about
it.
(via http://safecurves.cr.yp.to/)
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140521/33a407ef/attachment.html>
More information about the Curves
mailing list