[curves] Review of NIST workshop

David Leon Gil coruus at gmail.com
Fri Jun 12 06:53:59 PDT 2015


As a quick note, I think that the more significant aspect of Flori's work
is that he appears to have code that can output efficiently verifiable
certificates for curves with the wrong cofactor.

(I have tried to get the necessary output from PARI's SEA early-aborts,
based on some code of Mike's, but have mainly succeeded in causing
segfaults because of PARI's rather obtuse stack-based garbage collection.)

- David
On Fri, Jun 12, 2015 at 5:30 AM William Whyte <wwhyte at securityinnovation.com>
wrote:

> http://eprint.iacr.org/2014/832
>
>
>
>
>
> *From:* Brian Smith [mailto:brian at briansmith.org]
> *Sent:* Friday, June 12, 2015 5:28 AM
> *To:* William Whyte
> *Cc:* Michael Hamburg; Trevor Perrin; Watson Ladd; curves at moderncrypto.org
>
>
> *Subject:* Re: [curves] Review of NIST workshop
>
>
>
>
>
> On Thu, Jun 11, 2015 at 11:18 PM, William Whyte <
> wwhyte at securityinnovation.com> wrote:
>
> There is also significant pressure from BSI against
> ed25519, which doesn't directly affect the US OEMs but which does muddy the
> waters about which curve actually is technically superior.
>
>
> Where can we read more about BSI's position regarding ed25519?
>
>
>
> Thanks,
>
> Brian
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20150612/98e4073f/attachment.html>


More information about the Curves mailing list