ECC curve
in [Cryptography]
|
From: Rainer Urian on 19 Jan 2010 15:49 Hello, are elliptic curves of the form y^2 = x^3+ x*a over GF(p) , p > 3, prime usable for cryptography or is it unsafe to use such a curve? Thanks, Rainer
From: Richard Herring on 20 Jan 2010 05:44 In message <hj55tm$81g$00$1(a)news.t-online.com>, Rainer Urian <rainer(a)urian.eu> writes >Hello, > >are elliptic curves of the form y^2 = x^3+ x*a over GF(p) , p > 3, >prime >usable Certainly. There are plenty of references in the literature (e.g. with a=1 it's Barreto et al's "cryptographically interesting" curve E_1,0.) But "usable" for what, exactly? ... > for cryptography or is it unsafe to use such a curve? .... "Cryptography" is a huge field and concepts like "usable" and "unsafe" are ill-defined. You'd need to ask a much more specific question to get a meaningful answer. For instance, there are pairing-based attacks on supersingular curves (bad), but the existence of those same pairings facilitates a whole new class of identity-based systems (good (if that's what you need) ;-). -- Richard Herring
From: Rainer Urian on 20 Jan 2010 15:14 ok, I meant secure for ECDH and ECDSA algorithm "Richard Herring" <junk@[127.0.0.1]> schrieb im Newsbeitrag news:6ij2VRHY6tVLFwqu(a)baesystems.com... > In message <hj55tm$81g$00$1(a)news.t-online.com>, Rainer Urian > <rainer(a)urian.eu> writes >>Hello, >> >>are elliptic curves of the form y^2 = x^3+ x*a over GF(p) , p > 3, prime >>usable > > Certainly. There are plenty of references in the literature (e.g. with a=1 > it's Barreto et al's "cryptographically interesting" curve E_1,0.) But > "usable" for what, exactly? ... > >> for cryptography or is it unsafe to use such a curve? > > ... "Cryptography" is a huge field and concepts like "usable" and "unsafe" > are ill-defined. You'd need to ask a much more specific question to get a > meaningful answer. > > For instance, there are pairing-based attacks on supersingular curves > (bad), but the existence of those same pairings facilitates a whole new > class of identity-based systems (good (if that's what you need) ;-). > > -- > Richard Herring
From: Tadek on 20 Jan 2010 16:53 Standards for Efficient Cryptography Group (SECG) published a document called Recommended Elliptic Curve Domain Parameters: http://www.secg.org/download/aid-386/sec2_final.pdf These parameters/curves are safe to use and efficient. Regards T On Jan 20, 8:14 pm, "Rainer Urian" <rai...(a)urian.eu> wrote: > ok, > I meant secure for ECDH and ECDSA algorithm > > "Richard Herring" <junk@[127.0.0.1]> schrieb im Newsbeitragnews:6ij2VRHY6tVLFwqu(a)baesystems.com... > > > In message <hj55tm$81g$0...(a)news.t-online.com>, Rainer Urian > > <rai...(a)urian.eu> writes > >>Hello, > > >>are elliptic curves of the form y^2 = x^3+ x*a over GF(p) , p > 3, prime > >>usable > > > Certainly. There are plenty of references in the literature (e.g. with a=1 > > it's Barreto et al's "cryptographically interesting" curve E_1,0.) But > > "usable" for what, exactly? ... > > >> for cryptography or is it unsafe to use such a curve? > > > ... "Cryptography" is a huge field and concepts like "usable" and "unsafe" > > are ill-defined. You'd need to ask a much more specific question to get a > > meaningful answer. > > > For instance, there are pairing-based attacks on supersingular curves > > (bad), but the existence of those same pairings facilitates a whole new > > class of identity-based systems (good (if that's what you need) ;-). > > > -- > > Richard Herring
From: Rainer Urian on 20 Jan 2010 17:09 Thank you for the answer I didn't ask the question :-) I know the standardized secure curves very well. But thats not the point. Actually, the problem is as follows: There exists a ECC test specifiction for smartcards which wants to test that the smartcard should reject a ECC public key of the form (0,0). Now I wonder if this is a useful test or not. Such a point can only occure on curves of the form y^2 = x^3 + a*x "Tadek" <tstruk(a)gmail.com> schrieb im Newsbeitrag news:233846db-5fe5-42bb-8104-430e5da85b70(a)p8g2000yqb.googlegroups.com... Standards for Efficient Cryptography Group (SECG) published a document called Recommended Elliptic Curve Domain Parameters: http://www.secg.org/download/aid-386/sec2_final.pdf These parameters/curves are safe to use and efficient. Regards T On Jan 20, 8:14 pm, "Rainer Urian" <rai...(a)urian.eu> wrote: > ok, > I meant secure for ECDH and ECDSA algorithm > > "Richard Herring" <junk@[127.0.0.1]> schrieb im > Newsbeitragnews:6ij2VRHY6tVLFwqu(a)baesystems.com... > > > In message <hj55tm$81g$0...(a)news.t-online.com>, Rainer Urian > > <rai...(a)urian.eu> writes > >>Hello, > > >>are elliptic curves of the form y^2 = x^3+ x*a over GF(p) , p > 3, prime > >>usable > > > Certainly. There are plenty of references in the literature (e.g. with > > a=1 > > it's Barreto et al's "cryptographically interesting" curve E_1,0.) But > > "usable" for what, exactly? ... > > >> for cryptography or is it unsafe to use such a curve? > > > ... "Cryptography" is a huge field and concepts like "usable" and > > "unsafe" > > are ill-defined. You'd need to ask a much more specific question to get > > a > > meaningful answer. > > > For instance, there are pairing-based attacks on supersingular curves > > (bad), but the existence of those same pairings facilitates a whole new > > class of identity-based systems (good (if that's what you need) ;-). > > > -- > > Richard Herring
|
Next
|
Last
Pages: 1 2 Prev: Mixet.se® - International Business Advertising Next: ISP-10 Call for papers |