[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Re: P1363: prudent fields]

To: <sandy@storm.ca>
Subject: Re: [Fwd: Re: P1363: prudent fields]
From: "Hilarie Orman" <HORMAN@volera.com>
Date: Tue, 26 Jun 2001 15:31:39 -0600
Cc: <ipsec@lists.tislabs.com>
Sender: owner-ipsec@lists.tislabs.com

Composite exponents permit implementation using field
towers and lead to performance advantages.

Hilarie

 >>> Sandy Harris <sandy@storm.ca> 06/26/01 11:48AM >>>
Hilarie Orman wrote:
 > 
 > Given that the groups have no demonstrated mathematical
 > weaknesses

However, enough problems with composite exponents have shown up
that we just got this advice from a wel--known crytographer:

| More generally, we recommend that elliptic curves over GF(2^n)
| where be n is composite be avoided, including elliptic curves
| over GF(2^185).

 > and that they have significant computational performance advantages,

If performance depends only on the size of exponent, then those
groups --  2^155 and 2^185 -- have about the same performance as
the group using 2^163.

 > there appears to be no reason to drop them.

I'd say there's enough doubt that the cautious course would be to
drop them.

Prev by Date: Re: IPSEC Security Gateways & NAT
Next by Date: RE: IPSEC Security Gateways & NAT
Prev by thread: Re: [Fwd: Re: P1363: prudent fields]
Next by thread: I-D ACTION:draft-shacham-ippcp-rfc2393bis-07.txt
Index(es):
- Main
- Thread