On Wed, May 21, 2014 at 7:45 PM, Samuel Neves <[email protected]> wrote:
> While random seeds are an obvious target of bruteforce for someone looking
> for "verifiably random" curves with specific
> properties, I don't see how the same goal cannot be achieved with "fully
> rigid" curves.

Compare NIST P-256:

y^2 = x^3-3x +41058363725152142129326129780047268409114441015993725554835256314039467401291
modulo p = 2^256 - 2^224 + 2^192 + 2^96 - 1

With Curve25519:

y^2 = x^3+486662x^2+x
modulo p = 2^255 - 19

Curve25519 definitely has much more of a "nothing up my sleeve" feel about it.

(via http://safecurves.cr.yp.to/)

--
Tony Arcieri
_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
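Added illustration, not part of the original message: a Python check of what "verifiably random" means for the P-256 constant quoted above. The large coefficient b is what the FIPS 186 SHA-1 expansion of a published 160-bit seed produces for a = -3, while Curve25519's 486662 is a 19-bit integer. The seed value and the derivation steps are taken from FIPS 186-4 Appendix D, not from the message, and the function names are hypothetical.

```python
import hashlib

# Curve constants exactly as written in the message above.
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 41058363725152142129326129780047268409114441015993725554835256314039467401291
C25519_A = 486662

# Assumption: the P-256 seed published in FIPS 186 (it does not appear in the message).
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def derive_c(seed: bytes, p: int) -> int:
    """Expand a 160-bit seed into the integer c (FIPS 186-4 D.5, steps 2-7)."""
    l = p.bit_length()
    v = (l - 1) // 160
    w = l - 160 * v - 1
    # h0 = the w rightmost bits of SHA-1(seed)
    c = int.from_bytes(hashlib.sha1(seed).digest(), "big") & ((1 << w) - 1)
    z = int.from_bytes(seed, "big")
    for i in range(1, v + 1):
        s_i = ((z + i) % 2**160).to_bytes(20, "big")
        # append h_i = SHA-1(seed + i) to the bit string
        c = (c << 160) | int.from_bytes(hashlib.sha1(s_i).digest(), "big")
    return c


def seed_explains_b(seed: bytes, b: int, p: int) -> bool:
    """True when b^2 * c == -27 (mod p), the relation the standard uses with a = -3."""
    c = derive_c(seed, p)
    return c != 0 and (b * b * c + 27) % p == 0


def report() -> dict:
    # Flip one bit of the seed to show the check is tied to this exact seed.
    flipped = bytes([P256_SEED[0] ^ 1]) + P256_SEED[1:]
    return {
        "p256_b_bits": P256_B.bit_length(),
        "c25519_a_bits": C25519_A.bit_length(),
        "p256_seed_ok": seed_explains_b(P256_SEED, P256_B, P256_P),
        "flipped_seed_ok": seed_explains_b(flipped, P256_B, P256_P),
    }


if __name__ == "__main__":
    print(report())
```

The check confirms only that b follows from the seed; it says nothing about how the seed itself was chosen, which is the gap the thread is discussing.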
