Do you know elliptic curve crypto?

I’d love for someone to do a presentation on eliptic curve crypto. The Coursera/Stanford crypto II session has been postponed for a few years now and it’s not looking like it will happen any time soon, so it’s time to take matters into one’s hand.

Elliptic curve crypto is the current state of the art for securing private communications. It’s a type of asymmetric crypto (different keys to encrypt and decrypt) that relies on some cool properties of eliptic equations.

Ideally it would be about how EC crypto works in practice:

  • how to pick good curves,
  • how to avoid bad ones,
  • how not to let the NSA pick them for you.

I’d be willing to provide a few growlers and/or pots of tea for the audience and help with organizing it.

2 Likes

I, too, await the Crypto II course.

Curve25519 seems to be seeing some wide adoption, if you want to use a non-NIST curve. (Curve25519: high-speed elliptic-curve cryptography)

DJB and Tanja Lang seem to be two of the leading researchers on EC and what it means to have a “good” curve. Check out their site at http://safecurves.cr.yp.to/

Agreed, + the reference list for the SafeCurves project looks like a great resource. In particular, djb’s Curve25519 paper goes into some detail about the reasons for choosing that curve:

For issues beyond the choice of curve, this is a good overview of the Dual-EC RNG scandal:

In that case the problem isn’t so much that a standard curve is used, but that also a standard point on that curve is used to update the RNG’s state: if you used the standard curve but randomized the point, you’d avoid the main problem.