On Thu, 30 Jan 2014 22:45:03 -0800 Robert Ransom wrote: > A true drop-in replacement for one of the NSA curves would be a > small-parameter Edwards curve over the same field, satisfying the > ?SafeCurves? criteria, with a=1 and non-square d, such that:
This is impossible per se. Most NIST fields simply do not satisfy the SafeCurves criteria (this is pointed out in Mike Hamburg et al's Elligator paper wrt P-256). Paulo. _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
