The cr.yp.to microblog: 2016.01.07 21:53:37

2016.01.07 21:53:37 (685202652448215040) from Daniel J. Bernstein, replying to "Tancrède Lepoint (@Leptan)" (685199194848641024):

You're saying that the documented history of lottery security failures comes from lotteries that weren't _designed_ to be secure? @Leptan

Context

2016.01.07 21:29:57 (685196697794916352) from "JP Aumasson (@veorq)", replying to "Tancrède Lepoint (@Leptan)" (685196387353530368):

@Leptan @hyperelliptic what does it bring compared to lotteryless safe curves like 448, 41417 etc.?

2016.01.07 21:33:05 (685197484017217540) from "Tancrède Lepoint (@Leptan)", replying to "JP Aumasson (@veorq)" (685196697794916352):

@veorq @hyperelliptic alternative, diversity, no low hamming weight prime, new method, trust by splitting design and random seed, and others

2016.01.07 21:35:38 (685198126693675010) from "JP Aumasson (@veorq)", replying to "Tancrède Lepoint (@Leptan)" (685197484017217540):

@Leptan @hyperelliptic couldn't you use higher-entropy sources, like newspapers headlines etc? Worry about manipulation risk?

2016.01.07 21:39:53 (685199194848641024) from "Tancrède Lepoint (@Leptan)", replying to "JP Aumasson (@veorq)" (685198126693675010):

@veorq @hyperelliptic can be combined (carefully!). Pb:hard get exact amnt entropy. Also lotteries often designed to avoid manip(eg bailiff)