Message: 4 Date: Sat, 26 Mar 2016 09:57:12 -0700 From: Henry Baker <hbaker1@pipeline.com> To: <math-fun@mailman.xmission.com> Subject: Re: [math-fun] Why elliptic curve superior to RSA Message-ID: <E1ajrWO-000258-Om@elasmtp-kukur.atl.sa.earthlink.net> Content-Type: text/plain; charset="us-ascii"

The problem with fixing a curve is that with enough memory, someone can do some pretty elaborate precomputation.

--Au contraire. With RSA, you fix your private primes p & q, then publish p*q. Somebody can precompute the hell out of that. With EC, pick a curve, once and for all, publish it, and I don't care what precomputation anybody does on it, no matter how large, provided its results are concisely stated. And the entire world can examine this curve to be sure it seems good.

This is part of the problem with NIST's ECC random number generator: you couldn't trust it not to have a back door.

--no, you are confused. This was not a "standard ECC cryptosystem." That was "an intentionally-designed fake-secure intentionally backdoored algorithm foisted on NIST by its corrupt lying NSA advisors, which was soon detected by Microsoft analysts, and then it also was revealed by Snowden to have been indeed intentionally implanted as an NSA conspiracy." It was more complicated than the standard ECC systems because the extra complexity was used to hide the backdoor; other NIST advisors saw no reason for the extra complexity and inelegance of the scheme but were shouted down by the NSA liars who just tried to claim it was there for secret security reasons, and they were the NSA experts who knew All while the others were mere dillentantes, so shut up, it has to be exctly the way we say wiht not one comma altered.

Indeed, Juniper found to their horror that their ECC systems did indeed have such a back door, although it isn't clear who else had the backdoor key -- NSA? Chinese? Israeli's? Russians?

--NSA.

Better to take the hit on using RSA with seriously large primes, and carefully choosing different ones each time.

--In fact, a simple GCD-based study found that a large fraction of all RSA public keys published on the internet, all time, were easily broken by finding factrs of M's by taking GCDs of many M's out there. I do not know the fraction, but it was of order 10%. The problem was some RSA package included a poor random number generator which output only a few possible random numbers -- which perhaps was due to an innocent mistake or perhaps intentionally implanted. -- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)