[tor-dev] 转发: Which elliptic curve Tor use & use safe curve only

Tom255 Tom255 at protonmail.com
Thu Nov 21 13:12:06 UTC 2019 

Please use Ed448-Goldilocks or named Curve448 (suggest) and Curve25519 only. Curve448 potentially offering 224 bits of security, even safer than NIST P-384. Curve25519 potentially offering 128 bits of security and safer and faster than NIST P-256. More important, they're both ECC Security, not only ECDLP Security. ECC Security doesn't equal to ECDLP Security. 
" Unfortunately, there is a gap between ECDLP difficulty and ECC security. None of these standards do a good job of ensuring ECC security. There are many attacks that break real-world ECC without solving ECDLP. The core problem is that if you implement the standard curves, chances are you're doing it wrong:
-Your implementation produces incorrect results for some rare curve points.
-Your implementation leaks secret data when the input isn't a curve point.
-Your implementation leaks secret data through branch timing.
-Your implementation leaks secret data through cache timing. " (https://safecurves.cr.yp.to/)
And those curves are recommended by RFC 7748: https://tools.ietf.org/html/rfc7748
If possible, use Curve448 only. It's even safer than NIST P-384 and it's new.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20191121/48cf515f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - Tom255 at protonmail.com - 0x26CCDADB.asc
Type: application/pgp-keys
Size: 665 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20191121/48cf515f/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 216 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20191121/48cf515f/attachment.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 217 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20191121/48cf515f/attachment-0001.sig>

More information about the tor-dev mailing list