intel / tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.

p-256 (Only Curve used in ECC) is under suspicion / maybe unsecure #33

Closed baw-serafin closed 5 years ago

baw-serafin commented 5 years ago

https://safecurves.cr.yp.to/

mczraf commented 5 years ago

@baw-serafin Curve p-256 is a curve standardized by NIST and likely the most widely-deployed elliptic curve in use nowadays. Prof. Bernstein proposes his particular set of metrics to define what is a safe curve and what is not. To this date, there are no successful attacks demonstrated against p-256 in the literature. Removing support for NIST p-256 would be unreasonable at this point.

baw-serafin commented 5 years ago

@mczraf Did not state it should be removed. As it is widely deployed at the moment it probably makes sense to support the curve. BUT, I would propose: