tag:blogger.com,1999:blog-1625673575821156689.post1619801883658289974..comments2024-03-17T08:55:39.039+01:00Comments on nmav's Blog: Do we need elliptic curve point compression?Nikos Mavrogiannopouloshttp://www.blogger.com/profile/17554156755141404866noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-1625673575821156689.post-17428602535684090152015-03-24T09:31:26.830+01:002015-03-24T09:31:26.830+01:00I think there is one more aspect to point compress...I think there is one more aspect to point compression: if you don't sent both coordinates you don't have to verify that the point is actually on the curve. This seems to be one of the safe curve aspects http://safecurves.cr.yp.to/twist.html. While I think when you properly verify the points this is not a big deal, it should be mentioned here anyway.Bernd Eckenfelshttps://www.blogger.com/profile/09887787460408336985noreply@blogger.comtag:blogger.com,1999:blog-1625673575821156689.post-36245179806492926162014-12-24T15:37:39.110+01:002014-12-24T15:37:39.110+01:00YES - if the US government uses elliptic curve com...YES - if the US government uses elliptic curve compression, they know and presume their enemies know it's NOT secure. See 'Suite B' from the NSA. There isn't anything like 'Shor's Algorithm' for elliptic curves. Plus if you presume the riemann hypothesis is true and and use a mersanne prime finder - you have a pretty good chance of finding the right key in a reasonable time. Don't forget, the primes have to be roughly the same size (16363 & 3 work, but aren't secure!). If you wans security, just meet up with the guy you want to stay in contact with and have a 16Gb memory stick each - now fill with 1-time pad. 2Gbyte gives a few WEEKS of uninteruoted call time. While your at it, have a switch that turns off power to bluetooth & the utility that flashes the BIOS. Mobile phone security is truly a joke. Only with the advent of the Galaxy 5 mobile which, along with those hardware mods, mean nobody is going to rootkit your phone. Oh, and I would also enable some MESH software so your phone becomes like a walkie-talkie - not using towers at all......Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1625673575821156689.post-9949866553449488292013-02-26T15:13:23.858+01:002013-02-26T15:13:23.858+01:00That looks like a nice point you make. However, RF...That looks like a nice point you make. However, RFC4492 which describes TLS with ECC doesn't assign an identifier for it. That could be a nice amendment though.<br />Nikos Mavrogiannopouloshttps://www.blogger.com/profile/17554156755141404866noreply@blogger.comtag:blogger.com,1999:blog-1625673575821156689.post-35858483629839528312013-01-22T20:12:09.057+01:002013-01-22T20:12:09.057+01:00By the way, there exists a more efficient method t...By the way, there exists a more efficient method to represent an ECC point in a compact form, as documented in <a href="http://tools.ietf.org/html/draft-jivsov-ecc-compact" rel="nofollow">Compact representation of an elliptic curve point</a>. <br /><br />This method doesn't depend on the requirement to send 1 bit representing the <b>y</b>. The entire point is represented by the <b>y</b> coordinate only.<br /><br />This specification is based on the year 1985 publication and is thus in the public domain.brainhubhttps://www.blogger.com/profile/08984019406455585314noreply@blogger.com