[148917] in cryptography@c2.net mail archive
Re: [Cryptography] Dual_EC_DRBG backdoor: a proof of concept
daemon@ATHENA.MIT.EDU (andrew cooke)
Fri Jan 3 18:36:13 2014
X-Original-To: cryptography@metzdowd.com
Date: Fri, 3 Jan 2014 20:34:20 -0300
From: andrew cooke <andrew@acooke.org>
To: Krisztián Pintér <pinterkr@gmail.com>
In-Reply-To: <129731091.20140103235015@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
Thierry Moreau <thierry.moreau@connotech.com>,
Theodore Ts'o <tytso@mit.edu>, Jon Callas <jon@callas.org>,
ianG <iang@iang.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Fri, Jan 03, 2014 at 11:50:15PM +0100, Krisztián Pintér wrote:
> >> that said, as i heard, dual-ec does not have a security proof. correct
> >> me if i'm wrong.
>
> > It has a security proof *if* the primes are chosen in an honest fashion.
>
> are you sure of that? because i recall that someone said it is a myth,
> it does not have a proof. unlike bbs that indeed has. anyway, i might
> be wrong on that, but that is what i heard.
http://eprint.iacr.org/2006/117
andrew
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
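The conditional in the exchange above ("a proof *if* the parameters are chosen honestly") is easiest to see with the parameters chosen dishonestly. The following is an added example, not code from the thread or from any Dual_EC_DRBG implementation: a Dual_EC-style generator (state s <- x(s*P), output <- truncated x(s*Q)) run on secp256k1, assumed here in place of NIST P-256 for convenience, with the two points related by P = d*Q for a hypothetical trapdoor d. The recovery step is the one Shumow and Ferguson described in 2007: lift an output back to a point R = +-s*Q, multiply by d to get +-s*P, and read off the next state. The constants D and SEED are constructed for the demonstration, the names DualEC, recover_state and demo are the example's own, and the output truncation is cut from the standard's 16 bits to 4 so the candidate search runs in well under a second.

```python
# Added example (not from the thread): a Dual_EC-style generator and the
# state recovery that a known relation P = d*Q permits.  Curve constants
# are secp256k1, assumed here in place of NIST P-256; D and SEED are
# constructed values for the demonstration.

P_MOD = 2**256 - 2**32 - 977             # secp256k1 field prime, 3 mod 4
A, B = 0, 7                               # curve y^2 = x^3 + 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None                                # point at infinity
BITS = 256
STRIP = 4        # high bits dropped from each output; Dual_EC drops 16

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Affine point addition (handles doubling and inverse pairs)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                        # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication (no side-channel hardening)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def lift_x(x):
    """A point with x-coordinate x, or None if x is not on the curve.
    Since p = 3 mod 4, a square root is one exponentiation."""
    v = (x**3 + A * x + B) % P_MOD
    y = pow(v, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if (y * y) % P_MOD == v else None

def truncate(x):
    return x & ((1 << (BITS - STRIP)) - 1)

class DualEC:
    """Dual_EC_DRBG generate step: s <- x(s*P); output <- trunc(x(s*Q))."""
    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_block(self):
        self.s = mul(self.s, self.P)[0]
        return truncate(mul(self.s, self.Q)[0])

def recover_state(out1, out2, d, P, Q):
    """Return the generator's internal state after out2, given P = d*Q.
    out1 = trunc(x(s1*Q)); lifting a candidate x gives R = +-s1*Q, and
    d*R = +-s1*P, whose x-coordinate is the next state s2.  out2 confirms
    which candidate was right."""
    for high in range(1 << STRIP):
        x = (high << (BITS - STRIP)) | out1
        if x >= P_MOD:
            continue
        R = lift_x(x)
        if R is None:
            continue
        s2 = mul(d, R)[0]
        if truncate(mul(s2, Q)[0]) == out2:
            return s2
    return None

# Constructed parameters: Q is the base point and P = D*Q for a
# hypothetical trapdoor D.  (The standard fixes P as the generator and
# leaves the provenance of Q unexplained; the relation is what matters.)
D = 0xC0FFEE1234567890ABCDEF
Q = G
P = mul(D, Q)
SEED = 0x5EED5EED5EED5EED5EED5EED5EED5EED

def demo():
    """Observe two outputs, recover the state, predict the next three."""
    victim = DualEC(SEED, P, Q)
    o1, o2 = victim.next_block(), victim.next_block()
    s = recover_state(o1, o2, D, P, Q)
    state_ok = s == victim.s
    clone = DualEC(s, P, Q)
    predicted = [clone.next_block() for _ in range(3)]
    actual = [victim.next_block() for _ in range(3)]
    return state_ok and predicted == actual

if __name__ == "__main__":
    print("state recovered and outputs predicted:", demo())
```

With honestly and independently chosen P and Q the same d still exists (the group is cyclic), but computing it is a discrete logarithm on the curve, which is the assumption the cited eprint paper's argument rests on; the objection to the NIST points is that nobody outside the party that generated them can check that no such d was written down.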