[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] real world binary ecc

On 2020-11-12 1:12 a.m., jamesd AT echeque.com wrote:
What you want from an elliptic curve is that it is fast and that it does
not come from a committee because an NSA agent is always on that
committee.  I recommend libsodium's ristretto255

Why do you want binary fields?

Thanks for your reply.

I'm interested in the question of whether a cryptographic library should bother to include support for binary curves. The answer to that depends on what type of library we are talking about.

libsodium isn't a general purpose crypto library. It makes (good) choices about the underlying crypto for the user.

but suppose you want to create a new TLS library. Should you support binary curves? or maybe you want to offer a library people could use when following FIPS 186-4. TLS and FIPS 186-4 do mention binary ecc, but is it used in practice?

Has anyone seen TLS use binary ecc in real life?

Do any other spec/standards recommend binary ecc?

-James M
The cryptography mailing list
cryptography AT metzdowd.com