On 2013-09-06 12:31 PM, Jerry Leichter wrote:

Another interesting goal: "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS." Elsewhere, "enabling access" and "exploiting systems of interest" and "inserting vulnerabilities". These are all side-channel attacks. I see no other reference to "cryptanalysis", so I would take this statement at face value: NSA has techniques for doing cryptanalysis on certain algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have attacks against. This makes any NSA recommendation *extremely* suspect. As far as I can see, the bit push NSA is making these days is toward ECC with some particular curves.

`The mathematics of ECC is such that one would expect that curves with`

`backdoors that are difficult to find, or impossible to find except`

`through construction, exist.`

`Therefore, one should never employ a particular curve recommended by`

`NSA, but rather a random or arbitrary curve.`

_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography