[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Re: P1363: prudent fields]

Subject: Re: [Fwd: Re: P1363: prudent fields]
From: Sandy Harris <sandy@storm.ca>
Date: Tue, 26 Jun 2001 13:48:39 -0400
CC: ipsec@lists.tislabs.com
References: <sb386ea5.031@prv-mail20.provo.novell.com>
Sender: owner-ipsec@lists.tislabs.com

Hilarie Orman wrote:
> 
> Given that the groups have no demonstrated mathematical
> weaknesses

However, enough problems with composite exponents have shown up
that we just got this advice from a wel--known crytographer:

| More generally, we recommend that elliptic curves over GF(2^n)
| where be n is composite be avoided, including elliptic curves
| over GF(2^185).

> and that they have significant computational performance advantages,

If performance depends only on the size of exponent, then those
groups --  2^155 and 2^185 -- have about the same performance as
the group using 2^163.

> there appears to be no reason to drop them.

I'd say there's enough doubt that the cautious course would be to
drop them.

Prev by Date: Re: IPSEC Security Gateways & NAT
Next by Date: Re: I-D ACTION:draft-shacham-ippcp-rfc2393bis-07.txt
Prev by thread: Re: [Fwd: Re: P1363: prudent fields]
Next by thread: Re: [Fwd: Re: P1363: prudent fields]
Index(es):
- Main
- Thread