On 2013-09-06 12:31 PM, Jerry Leichter wrote:
Another interesting goal:  "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced 
cryptanalytic capabilities being developed by NSA/CSS."  Elsewhere, "enabling access" and "exploiting systems 
of interest" and "inserting vulnerabilities".  These are all side-channel attacks.  I see no other reference to 
"cryptanalysis", so I would take this statement at face value:  NSA has techniques for doing cryptanalysis on certain 
algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have 
attacks against.  This makes any NSA recommendation *extremely* suspect.  As far as I can see, the bit push NSA is making these 
days is toward ECC with some particular curves.

The mathematics of ECC is such that one would expect that curves with backdoors that are difficult to find, or impossible to find except through construction, exist.

Therefore, one should never employ a particular curve recommended by NSA, but rather a random or arbitrary curve.
The cryptography mailing list

Reply via email to