[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cryptography] real world binary ecc
On 2020-11-12 1:12 a.m., jamesd AT echeque.com wrote:
What you want from an elliptic curve is that it is fast and that it does
not come from a committee because an NSA agent is always on that
committee. I recommend libsodium's ristretto255
Why do you want binary fields?
Thanks for your reply.
I'm interested in the question of whether a cryptographic library should
bother to include support for binary curves. The answer to that depends
on what type of library we are talking about.
libsodium isn't a general purpose crypto library. It makes (good)
choices about the underlying crypto for the user.
but suppose you want to create a new TLS library. Should you support
binary curves? or maybe you want to offer a library people could use
when following FIPS 186-4. TLS and FIPS 186-4 do mention binary ecc,
but is it used in practice?
Has anyone seen TLS use binary ecc in real life?
Do any other spec/standards recommend binary ecc?
The cryptography mailing list
cryptography AT metzdowd.com