
Text to be sent to



We've been trying to implement IPSec and have encountered some issues.
These are related to the problem which Neils Provo observed in his email
on 13.Aug.98 at 15:42 GMT.

Specifically, the IKE specification currently only facilitates the use of
elliptic curve groups over F2**m, m composite.  The world's leading experts
in elliptic curve cryptography have publicly questioned the security of
these curves. These experts include:

   Prof Gerhard Frey, Essen University
   Prof Alfred Menezes, Waterloo University and Certicom
   Dr Volker Mueller, Darmstadt University
   Dr Sachar Paulus, Darmstadt University
   Prof Bart Preneel, Leuven University
   Prof Claus Schnorr, Frankfurt University and RSA
   Prof Scott Vanstone, Waterloo University and Certicom
   Mike Wiener, Entrust

We will provide copies of these references.

We therefore suggest that, due to the fact that they are suspect and appear
to provide neither hardware nor software benefits versus F2**m, m prime,
the specification should preclude the use of F2**m, m composite, curves,
which should be replaced with elliptic curve groups over F2**m, m prime. At
the minimum, we feel that the specification should facilitate use of some
non-suspect F2**m, m prime. In addition, it may also be beneficial to
consider facilitating use of some elliptic curve groups over Fp.  We hope
to discuss this in more detail at the meeting in Chicago and will bring in
specific suggested text. In the meantime, please let us know if you have
any questions or comments.

Regards,
Yuri Poeluev & Simon Blake-Wilson
Certicom Corp.



