[Ach] choosing safe curves for elliptic-curve cryptography

ianG iang at iang.org
Mon May 12 19:29:49 CEST 2014 

On 12/05/2014 17:44 pm, Aaron Zauner wrote:
> 
> 
> ianG wrote:
>>
>> The issue of safe curves is at the wrong layer for the BetterCrypto
>> paper -- choosing safe curves should be done by the developer, and
>> should be fixed in the code.  There shouldn't be any choice available to
>> the application admin.
> Actually, I don't think it should be done by the developer but rather by
> people that define standards. Currently you can only negotiate for NIST
> curves in TLS,..


Yes, you can negotiate for NIST curves in TLS.  That's bad on two
fronts.  Firstly TLS followed someone else's lead, which now turns out
to have been recursively perverted (NIST followed someone else's lead).

And secondly, because users can negotiate at all.

Basically the developers of TLS stuffed up on the first point, by
letting these things be outsourced to other groups.  This was considered
to be "best practice" but we are now in a sort of generational shift
where developer/protocol leaders are insourcing more of this, defining
their own work from their own expertise, and moving towards less
negotiation / less options.

But it will be some time before this is recognised / widely agreed as a
better practice.

What is happening now is that TLS is working on getting one DJB/TL curve
in place.  As an interim, to cope with rapidly risen uncertainty in what
they have.  The big question is whether they'll start dropping all the
rest, once they get a current generation curve in there.



iang



ps; my use of terminology is particular and peculiar.  "Best practices"
is a widely used concept that outsources the work to an industry group
on the basis that individual players don't know but the crowd might.  So
it is really a misnomer, it is "lowest common denominator" for a sector,
and in effect it's the minimum they can get away with.  Not "best" at
all, indeed it is a proof that you're not competent, neither as an
individual nor as an industry sector.

Then, to contrast that, I've used the term 'better practices' to mean
ones you've developed yourself, using expertise, and stamping yourself
as competent in the area.

More information about the Ach mailing list