Re: draft of the ISAKMP/Oakley draft
Hilarie,
We do not yet have a comprehensive list of patents regarding
elliptic curve crypto systems.
I don't have a published list of reliable running times for
elliptic curves over GF(p) but our implementations show that
timings comparable to yours published at Crypto '95 should be
possible.
BTW, it might be prudent to avoid GF(2^N) fields with nested
subextensions because this additional structure could be used
for attacks in the future.
Again, my argument for the addition of GF(p) curves is not a
better performance than GF(2^N) curves but the fact that GF(p)
curves do not require additional arithmetic because the
mod p arithmetic is always implemented. Therefore, GF(p) curves
offer a simple migration from mod p to elliptic curve crypto
systems.
Michael
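
The migration argument in the message above, as an added example that is not part of the original message: classical Diffie-Hellman and elliptic-curve Diffie-Hellman over GF(p) built from the same mod p multiply and exponentiate primitives. The curve, base point and all function names are constructed toy values for illustration, far too small for real use.

```python
# Added illustration. Toy parameters (constructed), not secure sizes.
P = 17                 # field prime, shared by both schemes
A, B = 2, 2            # curve y^2 = x^3 + 2x + 2 over GF(17)
G = (5, 1)             # base point; this curve group has prime order 19
ORDER = 19
DH_GEN = 3             # generator for classical DH mod 17

def inv(x):
    # Field inversion via Fermat: reuses the mod p exponentiation
    # that a classical DH implementation already has.
    return pow(x % P, P - 2, P)

def on_curve(pt):
    if pt is None:                     # None is the point at infinity
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                    # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P   # tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    # Double-and-add scalar multiplication.
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P)      # classical DH: one mod p exponentiation

def ecdh_shared(priv, peer_pub):
    # Reject infinity and off-curve values before using a peer's point.
    if peer_pub is None or not on_curve(peer_pub):
        raise ValueError("peer public value is not a valid curve point")
    return mul(priv, peer_pub)
```
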