On 11/05/2015 17:56 pm, Thierry Moreau wrote:
On 05/09/15 11:18, ianG wrote:
Workshop on Elliptic Curve Cryptography Standards
June 11-12, 2015
Agenda now available!
The National Institute of Standards and Technology (NIST) will host a
Workshop on Elliptic Curve Cryptography Standards at NIST headquarters
in Gaithersburg, MD on June 11-12, 2015. The workshop will provide a
venue to engage the cryptographic community, including academia,
industry, and government users to discuss possible approaches to promote
the adoption of secure, interoperable and efficient elliptic curve
mechanisms.
I doubt the foremost questions will be addressed:
To which extent NSA influence motivates NIST in advancing the ECC
standards?
John Kelsey, chief of something or other at NIST, gave a pretty
comprehensive talk on the NSA issue for NIST at Real World Crypto in
Janaury [0]. My take-away is that they are taking it seriously.
From memory, there wasn't anything directly spotted for the ECC stuff,
but there has been this rising tide of demand for new curves ... so
maybe now is the time.
Can independent academia members present hypothetical mathematical
advances (even breakthroughs) that NSA could have made, or could
speculatively expect to make, in order for the NSA to provide the US a
cryptanalysis advance over the rest of the world (central to NSA mission).
If you're saying, can the academics stumble across something that the
NSA had beforehand, well, of course. But I'm not sure that's what you mean.
To which extent the table of key size equivalences (between
factoring-based cryptosystems and ECC schemes) is biased for a faster
adoption of ECC (e.g. it makes sense to move to ECC because the
"equivalent" RSA key sizes are inconvenient)?
NIST has been unquestionably useful for the cryptographic community with
the AES and ASHA competitions. The outcome of the former is a widely
deployed improvement over prior symmetric encryption algorithms. The
outcome of the latter appears less attractive for adoption decisions,
but the very challenges of an efficient secure hash algorithm seems to
be the root cause, and not the NIST competition process.
With ECC, I have less confidence in NIST ability to leverage the
cryptographic community contributions.
Yeah, curves look much harder than hashes and ciphers. But is there a
better option?
iang
[0]
http://www.realworldcrypto.com/rwc2015/program-2/RWC-2015-Kelsey-final.pdf?attredirects=0
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
