[curves] Review of NIST workshop
Michael Hamburg
mike at shiftleft.org
Fri Jun 12 07:02:11 PDT 2015
I actually have code for this based on PARI’s early aborts, and I used it to generate a cert for Ed448-Goldilocks that it uses the smallest d. But my cert generation code is a huge mess. Hopefully Jean-Pierre Flori’s work is cleaner.
> On Jun 12, 2015, at 9:53 AM, David Leon Gil <coruus at gmail.com> wrote:
>
> As a quick note, I think that the more significant aspect of Flori's work is that he appears to have code that can output efficiently verifiable certificates for curves with the wrong cofactor.
>
> (I have tried to get the necessary output from PARI's SEA early-aborts, based on some code of Mike's, but have mainly succeeded in causing segfaults because of PARI's rather obtuse stack-based garbage collection.)
>
> - David
> On Fri, Jun 12, 2015 at 5:30 AM William Whyte <wwhyte at securityinnovation.com> wrote:
> http://eprint.iacr.org/2014/832
>
>
> From: Brian Smith [mailto:brian at briansmith.org]
> Sent: Friday, June 12, 2015 5:28 AM
> To: William Whyte
> Cc: Michael Hamburg; Trevor Perrin; Watson Ladd; curves at moderncrypto.org
>
> Subject: Re: [curves] Review of NIST workshop
>
>
>
>
> On Thu, Jun 11, 2015 at 11:18 PM, William Whyte <wwhyte at securityinnovation.com> wrote:
>
> There is also significant pressure from BSI against
> ed25519, which doesn't directly affect the US OEMs but which does muddy the
> waters about which curve actually is technically superior.
>
>
> Where can we read more about BSI's position regarding ed25519?
>
>
> Thanks,
>
> Brian
>
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves