[curves] "Abandoning ECC" — Any replies to "A riddle wrapped in a curve"?

Jeff Burdges burdges at gnunet.org
Fri Oct 23 17:24:51 PDT 2015

There are no post-quantum proposals from the NSA anywhere in sight
however, right?  

Is it possible they have post-quantum algorithms they wish to remain
classified, like particular arguments for choosing key sizes for just
Ring-LWE DH?  Yet, they need a public announcement like this to shut
down government contractors currently building products based upon ECC.
In that scenario, they do not really need any attacks on ECC beyond
Shor's algorithm.  There might even be money to be made choosing what
contractors get to use the post-quantum algorithms.  

On Fri, 2015-10-23 at 16:08 -0700, Ray Dillinger wrote:
> Which IMO leaves non-technical reasons.  It could be a subterfuge
> to try to hinder crypto adoption, or to get that focused analytical
> attention on ECC, or an attempt to get people to stop using something
> they don't know how to break. Heck, it could even be a legitimate
> attempt to protect the security of the nation's infrastructure; you
> just never know with these guys.

Just another fun conspiracy theory :  They dislike that small key sizes
encourage people to use a *lot* of crypto, maybe including the long
-term forward-secrecy found in Axolotl based system.  Axolotl becomes
as strong as a deterministic one-time pad if they miss the wrong


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20151024/04e38c9d/attachment.sig>

More information about the Curves mailing list