unpopular opinion: maybe people should stop designing protocols on top of Curve25519. We've got many people fighting against point validation, and on the other hand we have complex protocols that end up being vulnerable if they don't do it. CPace fortunately specifies it
-
Show this thread
Replying to @cryptodavidw
That being said, if a specification assumes a prime order group, people will still end up implementing it over arbitrary curves. OTOH, specifications explicitly taking care of cofactor issues would not get any less secure when implemented over a prime order group.
4:39 PM - 25 May 2020
from Saint-Mandé, France
0 replies
1 retweet
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.