In your preamble you say that you only consider curves whose implementations have been maintained since 2016, are resistant to exTNFS attacks, and are peer-reviewed. I think these are all good choices, but then why have you included any curves marked (*) in the table? I understand the necessity of including curves with less than 128-bit secuity, for easy reference to see that they are not secure, but including curves for which the security is unknown seems unnecessary.
Comments from Chloe (Expert Reviewer)