x/crypto/bn256: document that bn256 is weak #19479

Closed
davidlazar opened this issue Mar 9, 2017 · 3 comments

@davidlazar
Member

Due to recent improvements in calculating discrete logs [1], the BN-256 curve provides less than 128 bits of security. One estimate is that BN-256 provides closer to 96 bits of security. Trevor wrote a good summary of the situation [2]. The package comment for x/crypto/bn256 should note this weakness.

[1] https://eprint.iacr.org/2015/1027
[2] https://moderncrypto.org/mail-archive/curves/2016/000740.html

cc @agl @trevp
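
A check a maintainer could run to find code that still imports the package discussed above. This is an added example, not part of the issue thread or of the Go project's code; the sample sources are constructed, and the names `FindBN256Imports` and `Finding` are hypothetical.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// weakPkg is the import path of the package this issue is about.
const weakPkg = "golang.org/x/crypto/bn256"

// Constructed sample sources, not taken from any real project.
const sampleUses = "package pairing\n\nimport (\n\t\"crypto/rand\"\n\tcurve \"golang.org/x/crypto/bn256\"\n)\n"
const sampleClean = "package ecdh\n\nimport \"crypto/elliptic\"\n"

// Finding records one import of bn256; Alias is "" when the import is not renamed.
type Finding struct {
	File, Alias string
	Line        int
}

// FindBN256Imports parses only the import declarations of src and reports every
// import of weakPkg, including vendored copies (".../vendor/" + weakPkg).
func FindBN256Imports(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value) // the parser only accepts valid string literals
		if path != weakPkg && !strings.HasSuffix(path, "/vendor/"+weakPkg) {
			continue
		}
		alias := ""
		if imp.Name != nil {
			alias = imp.Name.Name
		}
		out = append(out, Finding{File: filename, Alias: alias, Line: fset.Position(imp.Pos()).Line})
	}
	return out, nil
}

func main() {
	fmt.Println(FindBN256Imports("pairing.go", sampleUses))
	fmt.Println(FindBN256Imports("ecdh.go", sampleClean))
}
```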

@bradfitz bradfitz changed the title x/crypto: document that bn256 is weak x/crypto/bn256: document that bn256 is weak Mar 9, 2017
@bradfitz bradfitz added this to the Unreleased milestone Mar 9, 2017
@dgryski
Contributor

dgryski commented Mar 10, 2017

I'm trying to remember a discussion where it was decided against adding a warning that TEA/XTEA are similarly "Bad" block ciphers.

@DemiMarie

IIRC TEA is actually secure (it is XTEA and XXTEA that are broken).

@agl agl self-assigned this Mar 24, 2017
@gopherbot

Change https://golang.org/cl/79877 mentions this issue: bn256: don't claim a 128-bit security level.

@golang golang locked and limited conversation to collaborators Dec 31, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
It's no longer true.

Fixes golang/go#19479

Change-Id: I85b0ce850ebde60b816924a25368208527a8e617
Reviewed-on: https://go-review.googlesource.com/79877
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
c-expert-zigbee added a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
@rsc rsc unassigned agl Jun 23, 2022
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023