[tor-talk] Elliptic Curve Crypto and the NSA
karsten.n at mailbox.org
karsten.n at mailbox.org
Mon Nov 2 07:25:03 UTC 2015
Hi,
> I’ve been reading a paper that talks about why the NSA told everyone to
> move to quantum resistant crypto.
Are you talking about the paper "A Riddle Wrapped in an Enigma"?
http://eprint.iacr.org/2015/1018.pdf
> One of the ideas in the paper was that they may have broken elliptic
> curves.
I have another opinion. I didn't read something like "they may have broken
elliptic curves". The NSA crypto experts expected that elliptic curves
(ECC) and RSA will be broken by a quantum computer in the future, in the
more or less near future. But until this will happen, RSA and ECC offer
equal security.
NSA recommendation for Suite B ciphers is NOT: "moving away from ECC now",
It means: "if you are still using RSA, don't spend money to move to ECC,
wait for PQC". (PQC: post quantum crypto)
A short comment by Matthew Green to step in without mathematics you may
find here:
http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html
Karsten N.
More information about the tor-talk
mailing list