Mike Dilger ☑️ on Nostr: I don't think the koblitz curve is bad as long as you program around its ...
I don't think the Koblitz curve is bad as long as you program around its shortcomings. I didn't know there was an intense campaign against secp256k1. That is somewhat suspicious.
But secp256k1 does have some problems that ed25519 clearly does not have. It has some mathematical properties which open up certain kinds of attacks on the discrete log problem (several low numbered CM field discriminants, ladder cofactor of 1) and it has some properties making it hard to code correctly, specifically that the keys are not indistinguishable from random bits, and you cannot use just any sequence of random bits as a secret key. Nonetheless it hasn't been effectively cracked.
ed25519 has been given a "pass" because it has proven "nothing up its sleeve" without any of these theoretical shortcomings. So I really am not suspicious of it. But notice that it was given a pass NOT by actual browsers, just by the RFCs. The actual browsers leave it out.
Everybody here seems to worship Satoshi and distrust everybody else, and you are welcome to make your choices. But I don't agree.
Published at 2025-04-07 23:39:47

Event JSON
{
"id": "49503ef18f4f016c84781a78f271aa4d5ebb1db389c796aa1c7fc83a3aa0da0e",
"pubkey": "ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49",
"created_at": 1744069187,
"kind": 1,
"tags": [
[
"p",
"4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f"
],
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"e",
"0a8f44d66aa2ceb06000cea92283b9e086677872ed0e76e3624a24035b2a93be",
"wss://theforest.nostr1.com/",
"root",
"ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49"
],
[
"e",
"76df14cc266dec0e82b9e3914ac774802956f665cf75f92096d1d991a38d86b8",
"wss://wot.utxo.one/",
"reply",
"4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f"
]
],
"content": "I don't think the koblitz curve is bad as long as you program around its shortcomings. I didn't know there was an intense campaign against secp256k1. That is somewhat suspicious.\n\nBut secp256k1 does have some problems that ed25519 clearly does not have. It has some mathematical properties which open up certain kinds of attacks on the discrete log problem (several low numbered CM field discriminants, ladder cofactor of 1) and it has some properties making it hard to code correctly, specifically that the keys are not indistinguishable from random bits, and you cannot use just any sequence of random bits as a secret key. Nonetheless it hasn't been effectively cracked.\n\ned25519 has been given a \"pass\" because it has proven \"nothing up it's sleeve\" without any of these theoretical shortcomings. So I really am not suspicious of it. But notice that it was given a pass NOT by actual browsers, just by the RFCs. The actual browsers leave it out.\n\nEverybody here seems to worship Satoshi and distrust everybody else, and you are welcome to make your choices. But I don't agree.",
"sig": "11f4cd80dc3251544ee0408e658514ff32982b60ede0040d3dc400a5bfa8b96ab9f52b4b7af7f0b08811fb39027322ee587f0f559f465337f5f74ec3687f53b3"
}
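The two key-handling caveats the post raises, that a secp256k1 secret key cannot be just any 32 random bytes and that its public keys are not indistinguishable from random bits, as an added example that is not part of the original post or of any Nostr client. It implements the scalar range check and the BIP-340 lift_x decoding in pure Python using the published secp256k1 constants (SEC 2 / BIP-340); the function names, the rejection-sampling helper and the seeded sampling run are this example's own, and the one real input it uses is the `pubkey` from the event JSON above.

```python
"""Two properties of secp256k1 keys that callers have to program around:
secret keys are range-restricted, and x-only public keys are not uniformly
random 32-byte strings.  Added example; constants are the published
secp256k1 domain parameters, everything else is illustrative."""
import random
import secrets

# secp256k1 domain parameters (SEC 2 / BIP-340)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

# The x-only pubkey from the event JSON on this page (real value, used as input).
PAGE_PUBKEY_HEX = "ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49"


def is_valid_secret_key(sk: bytes) -> bool:
    """A secp256k1 secret key is an integer d with 1 <= d <= N-1.
    An Ed25519 seed is any 32 bytes; here a raw 32-byte string can be
    zero or >= N and must be rejected, not silently reduced."""
    if len(sk) != 32:
        return False
    d = int.from_bytes(sk, "big")
    return 1 <= d < N


def secret_key_from_random(rng=secrets.token_bytes) -> bytes:
    """Rejection sampling: keep drawing until the candidate is in range.
    `rng(32)` must return 32 bytes; the default is the OS CSPRNG."""
    while True:
        cand = rng(32)
        if is_valid_secret_key(cand):
            return cand


def lift_x(x: int):
    """BIP-340 lift_x: the point (x, y) with even y if x is the x-coordinate
    of a point on y^2 = x^3 + 7 over F_P, otherwise None."""
    if x >= P:
        return None
    y2 = (pow(x, 3, P) + 7) % P
    # P % 4 == 3, so if y2 is a square its root is y2^((P+1)/4) mod P.
    y = pow(y2, (P + 1) // 4, P)
    if pow(y, 2, P) != y2:
        return None  # x^3 + 7 is a non-residue: no curve point has this x
    return (x, y if y % 2 == 0 else P - y)


def is_valid_xonly_pubkey(pk: bytes) -> bool:
    """32-byte x-only key check as a Schnorr verifier would do it."""
    return len(pk) == 32 and lift_x(int.from_bytes(pk, "big")) is not None


def fraction_of_random_strings_that_are_pubkeys(samples: int, seed: int = 0) -> float:
    """Only about half of all 32-byte strings decode as x-only public keys,
    so one lift_x call distinguishes a key from uniform random bytes.
    Deterministic PRNG on purpose: this is a measurement, not key generation."""
    rng = random.Random(seed)
    hits = sum(is_valid_xonly_pubkey(rng.randbytes(32)) for _ in range(samples))
    return hits / samples


if __name__ == "__main__":
    print(is_valid_secret_key(b"\xff" * 32))                     # above N
    print(is_valid_secret_key(b"\x00" * 32))                     # zero
    print(is_valid_xonly_pubkey(bytes.fromhex(PAGE_PUBKEY_HEX)))  # real key
    print(fraction_of_random_strings_that_are_pubkeys(2000))
```

The secret-key rejection only fires with probability about 2^-128 on honest random input, so a missing check is invisible in testing; it matters when the 32 bytes come from somewhere other than a CSPRNG (a hash, a hardware wallet derivation, a fuzzer). The pubkey half is the distinguishability point: an Ed25519 public key is a curve-point encoding too, but a secp256k1 x-only key fails `lift_x` on roughly half of all candidate strings, which is an easy statistical tell for anything that tries to hide keys in random-looking data.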