Closed jilljenn closed 3 years ago
Yes, though it should be mentioned that the definition of safe that the safecurves page uses is quite strict. Under it no Weierstrass curve is „safe“, while in practice Weierstrass curves are used by eg TLS and other common protocols.
The author of the safecurves page is also the author of several curves that do meet the safe properties, so I would take the safe vs unsafe distinction with a bit of a grain of salt. The unsafe curves do have implementation pitfalls and are harder to implement safely but the curves themselves (ie the parameters and security proofs) don’t have any known weaknesses or backdoors.
Thanks for this package! I think the current implementation only supports unsafe curves, is that right?
https://safecurves.cr.yp.to/