On Oct 1, 2013, at 12:51 PM, Adam Back a...@cypherspace.org wrote:
[Discussing how NSA might have generated weak curves via trying many choices
till they hit a weak-curve class that only they knew how to solve.]
...
But the more interesting question I was referring to is a trapdoor weakness
On Tue, Oct 1, 2013 at 3:08 AM, Adam Back a...@cypherspace.org wrote:
But I do think it is a very interesting and pressing research question as
to
whether there are ways to plausibly deniably symmetrically weaken or even
trapdoor weaken DL curve parameters, when the seeds are allowed to look
On Tue, Oct 01, 2013 at 08:47:49AM -0700, Tony Arcieri wrote:
On Tue, Oct 1, 2013 at 3:08 AM, Adam Back [1]a...@cypherspace.org
wrote:
But I do think it is a very interesting and pressing research question
as to whether there are ways to plausibly deniably symmetrically
weaken
On Tue, Oct 1, 2013 at 9:51 AM, Adam Back a...@cypherspace.org wrote:
Right but weak parameter arguments are very dangerous - the US national
infrastructure they're supposed to be protecting could be weakened when
someone else finds the weakness.
As the fallout from the Snowden debacle has
On 10/1/13 at 8:47 AM, basc...@gmail.com (Tony Arcieri) wrote:
If e.g. the NSA knew of an entire class of weak curves, they could perform
a brute force search with random looking seeds, continuing until the curve
parameters, after the seed is run through SHA1, fall into the class that's
known