[curves] Curve448

Ron Garret ron at flownet.com
Tue Oct 20 09:15:40 PDT 2015

On Oct 20, 2015, at 6:41 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:

> the scope of hypothetical future attacks is boundless.

That is and will continue to be the case for everything until someone proves that P!=NP.

> So how does one make a decision here?

Like everything else, you have to weigh the costs and benefits relative to your own risk posture.  Personally, I feel quite comfortable with curve25519 for anything short of guarding a nuclear arsenal.  But this is a decision that everyone ultimately needs to make for themselves.  On the one hand, the cost of curve448 is not that much higher than curve25519, so there’s not really any good reason not to do it unless you are working with limited hardware or some external constraint like fitting signatures in QR codes or something like that.


More information about the Curves mailing list