Comment by aaomidi
2 years ago
Yes: https://en.wikipedia.org/wiki/Dual_EC_DRBG
Also, we still to this day do not know where the seed for P256 and P384 came from. And we're using that everywhere. There is a non-zero chance that the NSA basically has a backdoor for all NIST ECC curves, and no one actually seems to care.
The NIST P-256 curve seed came from the X9.62 specification drafted in 1997. It was provided by an NSA employee, Jerry Solinas, as an example seed among many other seeds, including those provided by Certicom. Read this for more details: https://eprint.iacr.org/2015/1018
Or you find it somewhat credible but still use them because fending off the NSA is not something you want to spend energy on, and you are confident in the fact that the NSA thinks no one else can find the backdoor.