
> and could potentially have a backdoor (like its precursor, P-256)

P-256 is not known to or even suspected to have any backdoors.




Then I'm sure you can explain where the number c49d3608 86e70493 6a6678e1 139d26b7 819f7e90 came from.

http://safecurves.cr.yp.to/rigid.html

https://credelius.com/credelius/?p=97

With Curve25519, by contrast, DJB explains exactly what constraints were imposed (with very solid justifications for each of them) and then proves that Curve25519 is the unique solution to these constraints which minimizes the remaining free coefficient (which maximizes efficiency). NIST should appoint him to be their Czar or something.


NIST P-256 (and ECDSA in general, to some extent) is widely suspected to have been subverted by NSA, as outlined in the first link in octoberfranklin's response, page 16 of [1], and [2].

[1] https://www.hyperelliptic.org/tanja/vortraege/20130531.pdf

[2] https://blog.cr.yp.to/20140323-ecdsa.html "I have a different view. I blame this attack on the ECDSA designers [https://www.nsa.gov/]."



