[Ach] choosing safe curves for elliptic-curve cryptography

ianG iang at iang.org
Mon May 12 16:39:05 CEST 2014

On 12/05/2014 13:27 pm, Aaron Zauner wrote:
> Hi Bernd
> On 05/12/2014 12:07 PM, Kohler, Bernd wrote:
>> Hi @ all,
>> Together with Tanja Lange,  Daniel J. Bernstein (aka djb) dropped some notes
>> about " choosing safe curves for elliptic-curve cryptography" on webpage [1]
>> (found via [2]).
>> AS I didn't find any hints, about this webpage here, I forwarded this FYI
> Reference to their project has been in our Paper since almost from the
> beginning (see theory sections - ECC).
> Discussion here on this list hasn't shifted to that topic for a whole
> though.

The issue of safe curves is at the wrong layer for the BetterCrypto
paper -- choosing safe curves should be done by the developer, and
should be fixed in the code.  There shouldn't be any choice available to
the application admin.

(A few biases showing through here of course:
which speaks to the developer... )


More information about the Ach mailing list