Bernstein and Lange -- Safe curves for Elliptic Curve Cryptography [pdf] (eprint.iacr.org)
from solrize@lemmy.world to cryptography@lemmy.ml on 14 Aug 2024 09:27
https://lemmy.world/post/18631032

This is a technical but quite informative article, nominally about which elliptic curves have good security properties, but also discusses the intentions behind using EC instead of older systems like RSA (basically, EC is safer against some known classes of attacks).

Posting partly because EC vs RSA came up here a few days ago.

#cryptography

threaded - newest

N0x0n@lemmy.ml on 14 Aug 2024 12:13 collapse

Thanks for sharing !! Very difficult to read through and way to much math overhead for my non-educated brain… However, I like reading those kind of statements:

Similarly, regarding the NIST curves, NIST wrote the following in 2019 [183]: NIST is not aware of any vulnerabilities to attacks on these curves when they are implemented correctly and used as described in NIST standards and guidelines. Regarding better curves, [183] wrote that “their designers claim that they offer better performance and are easier to implement in a secure manner”; [183] did not cite any of the literature demonstrating the performance benefits and ease of secure implementation of these curves, and did not mention the likelihood and consequences of insecure implementation of the NIST curves.

NSA: “Trust me bro”

cypherpunks@lemmy.ml on 14 Aug 2024 14:53 next collapse

See also Section 7.3 and Appendix C (and the BADA55 Crypto paper that the email in Appendix C refers to).

solrize@lemmy.world on 14 Aug 2024 16:26 collapse

Bitcoin uses NIST P256 iirc, so you can possibly turn implementation mistakes into cash. :)