[146969] in cryptography@c2.net mail archive
Re: [Cryptography] Seed values for NIST curves
daemon@ATHENA.MIT.EDU (Tony Arcieri)
Tue Sep 10 15:07:47 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <522EF622.4080903@Strombergson.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 10 Sep 2013 10:42:56 -0700
To: Joachim@strombergson.com
Cc: Nemo <nemo@self-evident.org>, Crypto <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============6267297126022655572==
Content-Type: multipart/alternative; boundary=001a11c3df4e333b9c04e60b0a12
--001a11c3df4e333b9c04e60b0a12
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On Tue, Sep 10, 2013 at 3:36 AM, Joachim Str=F6mbergson <
Joachim@strombergson.com> wrote:
> 1. We as a community create a list of curves that we agree on are good.
> The list is placed in a document, for example an RFC that clearly states
> what criteria has been used, what the sources for the curves are and how
> they has been generated. This allows any user to check the validity and
> the provenance.
This is more or less what djb did, sans the politics of an Internet
standards process (others have written IETF-style guidelines for actually
deploying his ciphers)
djb's rationale for Curve25519's parameters are provided in the paper. The
2^255-19 constant was selected by a theorem (see Theorem 2.1):
http://cr.yp.to/ecdh/curve25519-20060209.pdf
--=20
Tony Arcieri
--001a11c3df4e333b9c04e60b0a12
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Tue, Sep 10, 2013 at 3:36 AM, Joachim Str=F6mbergson <s=
pan dir=3D"ltr"><<a href=3D"mailto:Joachim@strombergson.com" target=3D"_=
blank">Joachim@strombergson.com</a>></span> wrote:<br><div class=3D"gmai=
l_extra">
<div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margi=
n:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204=
);border-left-style:solid;padding-left:1ex">1. We as a community create a l=
ist of curves that we agree on are good.<br>
The list is placed in a document, for example an RFC that clearly states<br=
>
what criteria has been used, what the sources for the curves are and how<br=
>
they has been generated. This allows any user to check the validity and<br>
the provenance.</blockquote><div><br></div><div>This is more or less what d=
jb did, sans the politics of an Internet standards process (others have wri=
tten IETF-style guidelines for actually deploying his ciphers)</div><div>
<br></div><div>djb's rationale for Curve25519's parameters are prov=
ided in the paper. The 2^255-19 constant was selected by a theorem (see The=
orem 2.1):</div><div><br></div><div><a href=3D"http://cr.yp.to/ecdh/curve25=
519-20060209.pdf">http://cr.yp.to/ecdh/curve25519-20060209.pdf</a><br>
</div></div><div><br></div>-- <br>Tony Arcieri<br>
</div></div>
--001a11c3df4e333b9c04e60b0a12--
--===============6267297126022655572==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============6267297126022655572==--