At 12:18 PM +0300 9/14/05, Alexander Klimov wrote:
This hints that indeed only some particular curves are patented.
It's not just curves. Certicom has patents for some optimizations and methods for validating the strength of some uses of ECC.
Grepping -list_curves of the new openssl (0.9.8) which has a list of curves from SECG, WTLS, NIST, and X9.62 gives not that much: secp256k1 : SECG curve over a 256 bit prime field secp384r1 : NIST/SECG curve over a 384 bit prime field secp521r1 : NIST/SECG curve over a 521 bit prime field prime256v1: X9.62/SECG curve over a 256 bit prime field Alternatively, this coverage can be interpreted that NSA is not interested in curves which provide less security than 128-bit AES. Any idea, which alternative is true?
Both are probably true. Why would anybody be interested in curves that do not support their minimum strength ciphers?
--Paul Hoffman, Director --VPN Consortium --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
