On 2013-09-06 12:31 PM, Jerry Leichter wrote:
Another interesting goal: "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS." Elsewhere, "enabling access" and "exploiting systems of interest" and "inserting vulnerabilities". These are all side-channel attacks. I see no other reference to "cryptanalysis", so I would take this statement at face value: NSA has techniques for doing cryptanalysis on certain algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have attacks against. This makes any NSA recommendation *extremely* suspect. As far as I can see, the bit push NSA is making these days is toward ECC with some particular curves.
The mathematics of ECC is such that one would expect that curves with backdoors that are difficult to find, or impossible to find except through construction, exist.
Therefore, one should never employ a particular curve recommended by NSA, but rather a random or arbitrary curve.
_______________________________________________ The cryptography mailing list email@example.com http://www.metzdowd.com/mailman/listinfo/cryptography