Re: [Cfrg] ECC reboot (Was: When's the decision?)

Tanja Lange <tanja@hyperelliptic.org> Tue, 21 October 2014 11:40 UTC

Date: Tue, 21 Oct 2014 13:40:03 +0200
From: Tanja Lange <tanja@hyperelliptic.org>
To: "Lochter, Manfred" <manfred.lochter@bsi.bund.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/LQaObHszAV0n2seaH5ddF5ol6t8
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] ECC reboot (Was: When's the decision?)

Dear Manfred,

On Tue, Oct 21, 2014 at 11:27:52AM +0200, Lochter, Manfred wrote:
> b) The original Brainpool curves have falsely been discredited in the
> BADA55-paper.
> 

What do you claim to be false in that paper?

We show -- and as far as I know are the first to show -- that the
approach to generate the BP curves allows the designer of that
approach to hide a one-in-a-million weakness in the resulting 
curve, should he or she have found such a weakness.

Regards
	Tanja