Re: [Cfrg] 512-bit twisted Edwards curve and curve generation methods in Russian standardization

Tony Arcieri <bascule@gmail.com> Wed, 28 January 2015 17:37 UTC


On Wed, Jan 28, 2015 at 9:33 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> That is a huge overstatement of what they showed.
No it isn't. Unless these numbers are justified they can be poisoned.
> They showed that if a group of people with a common interest pick the form
> for the verifiably random value, they can tweak parameters. There are
> obvious procedures that prevent the number being chosen by such a group,
> and instead have the number chosen by a group where even if a single person
> is trusted, the randomness is trusted.
I guess you're probably talking about Brainpool? I guess the Brainpool
numbers are probably ok? But why use this sort of process at all? It just
provides an avenue for suspicion.

-- 
Tony Arcieri