[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ike and elliptic curves

To: Niels Provos <provos@citi.umich.edu>
Subject: Re: ike and elliptic curves
From: "Paul Fahn" <pfahn@certicom.com>
Date: Thu, 11 Nov 1999 11:34:38 -0800
cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

the original IKE (OAKLEY) groups had elliptic curves over binary fields GF_2^m
where m is a composite number. This is considered less secure than using fields
GF_2^m where m is a prime number. The new elliptic curve groups recently
introduced address those security concerns (as well as align with other
standards). See <draft-ietf-ipsec-ike-ecc-groups-01.txt> on the IPSec site for
details.

Paul

Niels Provos <provos@citi.umich.edu> on 11/11/99 06:44:53 AM

To:   John Harleman/Certicom@Certicom
cc:   jerome@psti.com, ipsec@lists.tislabs.com (bcc: Paul Fahn/Certicom)

Subject:  Re: ike and elliptic curves

In message <85256826.00177474.00@domino2.certicom.com>, "John Harleman" writes:
>the groups are not necessarily too small, but of questionable security (they
>were excluded by ansi and the national institute of standards and technology)
>and don't align with the fips curves as well. we've actually submitted a draft
Too small meaning the it takes less time to compute the ECDL than to
search for a 3DES key.  That the groups are defined over subfields is
another problem, though not that serious.

Greetings,
 Niels.

Prev by Date: Re: RSIP and IPsec
Next by Date: Virgil Gligor's iaPCBC paper
Prev by thread: Re: ike and elliptic curves
Next by thread: Re: ike and elliptic curves
Index(es):
- Main
- Thread