8 comments

[ 3.3 ms ] story [ 33.0 ms ] thread
This article is interesting, but it found it striking that it made absolutely no mention of Curve25519 [0], which has become quite popular today as an replacement for P-256 and co. Perhaps things would have been different had the article not been written 3 years before the Dual EC backdoor fiasco.

[0] https://en.wikipedia.org/wiki/Curve25519

Dual EC has nothing to do with the NIST curves.
I think what the root comment is referencing is that the dual EC standard being possibly compromised has made people take a closer look at NIST standards related to their curves.
The author made no mention the more trusted curve25519 the web wants to move to.

Edit: Curve25519 may have been unheard of in 2010.

We don't want to move to it because it's "more trusted". We want it because it's a better curve. Most critically: for the most common applications, Curve25519 avoids the need for point validation, eliminating a class of vulnerabilities. It's also much easier to implement in constant time.
IIRC Curve25519 was introduced in 2005, possibly earlier but the earliest reference a cursory search finds is https://cr.yp.to/ecdh/curve25519-20051115.pdf from November 2005.

This "analysis" just isn't good at all.

My personal acid test to quickly check the worthiness of a page discussing crypto standards : whether IPsec is spelled correctly.

Anyone interested in using ECC should take a glance at SafeCurves: choosing safe curves for elliptic-curve cryptography http://safecurves.cr.yp.to/

There's a nice table showing which curves are safe and which curves are not.

This is not an especially useful analysis. In particular, few specialists in 2016 would make decisions based on which standards bodies support a given curve.