[curves] Independence of SafeCurves conditions [was Re: Twist-secure Weierstrass curves over Fq(Sal384)]
David Leon Gil
coruus at gmail.com
Sun Dec 14 17:15:37 PST 2014
On Wed, Dec 3, 2014 at 7:09 PM, David Leon Gil <coruus at gmail.com> wrote:
> On Sat, Nov 29, 2014 at 6:14 PM, David Leon Gil <coruus at gmail.com> wrote:
>> egregious blunders are entirely mine, however.)
>
> Speaking of egregious blunders: those results are incorrect. I was
> inadvertently omitting curves with small factors on the twist; the
> real probability of a twist-secure curve is somewhat lower.
So, updated results on GitHub, same link. Probability of a prime order
Weierstrass curve having a twist with cofactor 1: < ~2%. (Essentially
unchanged.)
Questions:
- Are other SafeCurves properties independently distributed?
- Or, relatedly, is there anything "special" about twist-secure curves
(asides from them having a secure twist)?
(By the way, does anyone have decent code for computing discriminants?)
More information about the Curves
mailing list