Re: [Cfrg] ECC mod 8^91+5

Dan Brown <> Mon, 16 October 2017 15:08 UTC

For those still interested, I've uploaded an Internet-Draft on ECC on 2y^2=x^3+x/GF(8^91+5):

It is very much a work-in-progress, maybe more so than a typical I-D.  

If I have incorporated some CFRG list comments into the draft, then I hope to properly acknowledge in the next update.

The main point of this curve is to use it in a system of multiply-applied diverse crypto, where its security features (special CM curve, minimal room for trapdoor) could complement those of other crypto algorithms (including PQC and other ECC algorithms).  Using this variant of ECC as the sole (PK) crypto would be risky (due to lack of track-record/aegis/scrutiny/etc.).

If the IETF and CFRG intend to generally pursue and encourage support of multiply-applied diverse crypto, at least where it is affordable (in the higher user-to-user network layers?), then I would ask the CFRG to consider this I-D as a work item.  Otherwise, maybe this I-D should stay on the individual submission stream.   

Best regards,


-----Original Message-----
From: Dan Brown 
Sent: Tuesday, May 16, 2017 1:36 PM
Subject: ECC mod 8^91+5

Hi all,

I'm considering writing an I-D on doing ECC over the field of size
   8^91+5    (=2^273+5),
because it:

For ECC with this field, I am also considering the special curve
because it: