[146931] in cryptography@c2.net mail archive
Re: [Cryptography] Seed values for NIST curves
daemon@ATHENA.MIT.EDU (Tony Arcieri)
Mon Sep 9 18:48:34 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CADB8SMZMABRah3dCUeMBvA-a23Z50LFwCUHXEqtLzSgQRTL3DQ@mail.gmail.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Mon, 9 Sep 2013 15:46:42 -0700
To: Nemo <nemo@self-evident.org>
Cc: Crypto <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============3816255402363645128==
Content-Type: multipart/alternative; boundary=20cf307812b6b1dc6704e5fb2a26
--20cf307812b6b1dc6704e5fb2a26
Content-Type: text/plain; charset=ISO-8859-1
On Mon, Sep 9, 2013 at 10:37 AM, Nemo <nemo@self-evident.org> wrote:
> The approach appears to be an attempt at a "nothing up my sleeve"
> construction. Appendix A says how to start with a seed value and use SHA-1
> as a psuedo-random generator to produce candidate curves until a suitable
> one is found.
>
The question is... suitable for what? djb argues it could be used to find a
particularly weak curve, depending on what your goals are:
http://i.imgur.com/o6Y19uL.png
(originally from http://www.hyperelliptic.org/tanja/vortraege/20130531.pdf)
--
Tony Arcieri
--20cf307812b6b1dc6704e5fb2a26
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Mon, Sep 9, 2013 at 10:37 AM, Nemo <span dir=3D"ltr">&l=
t;<a href=3D"mailto:nemo@self-evident.org" target=3D"_blank">nemo@self-evid=
ent.org</a>></span> wrote:<br><div class=3D"gmail_extra"><div class=3D"g=
mail_quote">
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><div dir=3D"ltr"><div>The approach appears to be an attemp=
t at a "nothing up my sleeve" construction. Appendix A says how t=
o start with a seed value and use SHA-1 as a psuedo-random generator to pro=
duce candidate curves until a suitable one is found.</div>
</div></blockquote><div><br></div><div>The question is... suitable for what=
? djb argues it could be used to find a particularly weak curve, depending =
on what your goals are:</div><div><br></div><div><a href=3D"http://i.imgur.=
com/o6Y19uL.png">http://i.imgur.com/o6Y19uL.png</a><br>
</div><div><br></div><div>(originally from=A0<a href=3D"http://www.hyperell=
iptic.org/tanja/vortraege/20130531.pdf">http://www.hyperelliptic.org/tanja/=
vortraege/20130531.pdf</a>)</div></div><div><br></div>-- <br>Tony Arcieri<b=
r>
</div></div>
--20cf307812b6b1dc6704e5fb2a26--
--===============3816255402363645128==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============3816255402363645128==--