Re: [Cfrg] Curve25519 meets NUMS rigidity definition
Tanja Lange <tanja@hyperelliptic.org> Sat, 03 January 2015 20:58 UTC
Return-Path: <tanja@hyperelliptic.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE4C21A03AA for <cfrg@ietfa.amsl.com>; Sat, 3 Jan 2015 12:58:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.195
X-Spam-Level:
X-Spam-Status: No, score=0.195 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TGSCa4RD64O0 for <cfrg@ietfa.amsl.com>; Sat, 3 Jan 2015 12:58:50 -0800 (PST)
Received: from calvin.win.tue.nl (calvin.win.tue.nl [131.155.70.11]) by ietfa.amsl.com (Postfix) with SMTP id DCEF91A039C for <cfrg@irtf.org>; Sat, 3 Jan 2015 12:58:48 -0800 (PST)
Received: (qmail 2386 invoked from network); 3 Jan 2015 20:59:08 -0000
Received: from unknown (HELO hyperelliptic.org) (131.155.71.33) by calvin.win.tue.nl with SMTP; 3 Jan 2015 20:59:08 -0000
Received: (qmail 19610 invoked by uid 1000); 3 Jan 2015 20:58:28 -0000
Date: Sat, 03 Jan 2015 21:58:28 +0100
From: Tanja Lange <tanja@hyperelliptic.org>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Message-ID: <20150103205828.GL28778@cph.win.tue.nl>
References: <CACsn0cmeGX5aAXJfJMo7UxOanDLPW_y+dOLf=Ue6izTQXkn2TA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACsn0cmeGX5aAXJfJMo7UxOanDLPW_y+dOLf=Ue6izTQXkn2TA@mail.gmail.com>
User-Agent: Mutt/1.5.11
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/LL-Az9dz24oMeUduC0Bvses3DQQ
Subject: Re: [Cfrg] Curve25519 meets NUMS rigidity definition
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jan 2015 20:58:52 -0000
> So I'll take p=2^255-19, y^2=x^3+ux^2+x, and search for the minimal > positive u that makes the order of the curve 8 times prime, order of > the twist 4 times other prime, and minimal x coordinate on the curve > with prime order for the generator, with u congruent to 2 mod 4. I can > even throw in restrictions on endomorphism ring and supersingularity, > and it won't change the result. > Thanks for spelling this out in full detail. See also http://safecurves.cr.yp.to/rigid.html Tanja
- [Cfrg] Curve25519 meets NUMS rigidity definition Watson Ladd
- Re: [Cfrg] Curve25519 meets NUMS rigidity definit… Tanja Lange