[prev in list] [next in list] [prev in thread] [next in thread] 

List:       moderncrypto-curves
Subject:    [curves] Any interest in random curves?
From:       mike () shiftleft ! org (Michael Hamburg)
Date:       2014-06-26 21:50:34
Message-ID: 22C741D9-D3BF-4282-B710-C7864FA3761A () shiftleft ! org
[Download RAW message or body]

On Jun 26, 2014, at 1:56 PM, Trevor Perrin <trevp at trevp.net> wrote:

> On Thu, Jun 26, 2014 at 10:39 AM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
> > 
> > My main concern with this proposal is the possibility of further
> > fragmentation by the creation of yet another set of curves.
> 
> Yeah, if you want to see the confusion that already exists, read the
> W3C discussion on adding Curve25519 to WebCrypto (why not Brainpool?
> why not BADA55?  Microsoft jumps in pushing their curves, etc):
> 
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839
> 
> IMO for mainstream purposes the world only needs Curve/Ed25519 and
> *maybe* an extra-strength curve.  The faster people coalesce around
> choices and work out engineering issues the better.  More curve
> families not helpful.

I figured you?d be against :-)  Anyone else want to weigh in on this?

By the way, a small Boggle board has approximately 55-60 bits of entropy if I \
calculated correctly.  I?m having trouble imagining an attack which would allow a \
reasonable probability of success with half this much entropy.  So if several boards \
are used, casino-grade attacks aren?t going to be enough, you?d have to go to \
magic-trick level.

Cheers,
? Mike


[prev in list] [next in list] [prev in thread] [next in thread]