On Sep 7, 2013, at 6:30 PM, "James A. Donald" <jam...@echeque.com> wrote:

> On 2013-09-08 4:36 AM, Ray Dillinger wrote:
>> But are the standard ECC curves really secure? Schneier sounds like he's got
>> some innovative math in his next paper if he thinks he can show that they
>> aren't.
> Schneier cannot show that they are trapdoored, because he does not know where 
> the magic numbers come from.
> To know if trapdoored, have to know where those magic numbers come from.

That will not work....

When the community questioned the source of the DES S boxes, Don Coppersmith 
and Walt Tuchman if IBM at the time openly discussed the how they were 
generated and it still did not quell the suspicion. I bet there are many that 
still believe DES has an yet to be determined backdoor. 

There is no way to prove the absence of a back door, only to prove or argue 
that a backdoor exists with (at least) a demonstration or evidence one is being 
used. Was there any hint in the purloined material to this point? There seems 
to be the opposite. TLS using ECC is not common on the Internet (See "Ron was 
wrong, Whit is right"). If there is a vulnerability in ECC it is not the source 
of today's consternation. (ECC is common on ssh, see "Mining Your Ps and Qs: 
Detection of Widespread Weak Keys in Network Devices")

I will be looking forward to Bruce's next paper.

The cryptography mailing list

Reply via email to