[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: "James A. Donald" <[email protected]>*Subject*: Re: Elliptic curves, current status?*From*: [email protected] (Norman Hardy)*Date*: Sun, 26 Nov 1995 15:17:15 -0800*Cc*: [email protected]*Sender*: [email protected]

At 12:07 PM 11/25/95, James A. Donald wrote: .... >Can someone tell me the true story? Not with any assurance. I don't trust my own knowledge yet. I think that the opinion is that the discrete log problem is harder with elliptic curves than for prime modulus arithmetic for numbers of a given size. That is why you can use fewer bits. The inner loop in some elliptic curve systems is not multiply-add (as is the case with number fields) but other operations that are as efficient with gates but less efficient with normal machine instructions. There are probably an order of magnitude more people that have studied and published about the problems of breaking prime modulus crypto than elliptic curves. Perhaps progress will be faster should elliptic curves be studied by more people. There are a lot of tricks to speed up discrete logs in for prime modulus schemes that don't seem to work for elliptic curves. There are many parameters to an elliptic curve crypto system. I haven't seen any taxonomy of which kinds are good and which have been shown to be week. In contrast there seems to be a consensus about how to pick primes for RSA or Diffie-Hellman. I am certainly no expert. Perhaps this will prompt comments from someone who can point to real information.

**Follow-Ups**:**Re: Elliptic curves, current status?***From:*Wei Dai <[email protected]>

- Prev by Date:
**Re: Junk E-Mail - Part 4** - Next by Date:
**Cyberangels** - Prev by thread:
**Elliptic curves, current status?** - Next by thread:
**Re: Elliptic curves, current status?** - Index(es):