I have no strong mathematical reason to believe this, but I have a nasty suspicion that the same properties that make ECC curves fast to compute are likely to be the properties that enable future attacks that no one has thought of yet. The recent break on Edwards Curves seems tied to their shift properties.
Are there any canonical examples of completely un-optimized curves
that mean you have to use actual bignumber math to do every step of?
Bear
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
