Quantum computers are not as far from life as we think. Look at Amazon's new services. Offer for commercial use. And why is everyone obsessed with these qubit calculators? Cryptography on elliptic curves has compromised itself for a long time, they just don’t write about it.

What new services offer quantum computers? I'm not sure what you're referring too, but Amazon does not offer anything even near the capabilities of a quantum computer. If the elliptic curves were compromised critically it would be a issue that would likely be put on top of the priority list. Elliptic curves to my knowledge, and many others has not been compromised.

You make some good posts regarding Bitcoin, but a lot of it is scaremongering similar to the scaremongering tactics used by news outlets. Maybe not intentionally, but suggesting that elliptic curves have been compromised, and then later stating they have weaknesses is inaccurate. They have not been compromised, but they do have strengths, and weaknesses just like any other cryptography.

----------------

Yes, indeed, I have read a lot about cryptography on elliptic curves.

1. I learned that those who know a lot, they work for different unpopular organizations, they are always silent, and information about this knowledge and about these people is lost ...

2. I also learned that specially all modern cryptography is divided into 2 parts:

1) Household cryptography, those encryption systems that we know. They are allowed to be used by us, ordinary people; in unclassified matters;

2) State cryptography, the one that we are not allowed to use, and the government is obliged.

And I asked myself, why so?

More precisely, what is wrong with our everyday cryptography?

3. It is not clear why the NSA (USA) first ordered a study for British mathematicians, then hid all the materials for this study, and immediately banned the use of cryptography on elliptic curves in state secrets.

And this is despite the fact that only yesterday the NSA actively implemented ECC, despite the fact that not so long ago, the NSA bought all the patents for this system from 2 mathematicians.

4. Why are we assured of the reliability of asymmetric mathematical encryption systems without providing evidence of this reliability (evidence of the inability to solve the problem of discrete logarithm in fields of elliptic curves with a finite order of the field of numbers, which means discrete, point elliptic curves).

But I understand that if they know the secret, the weak point of this cryptography, then it is very beneficial for some that all ordinary people use and trust this cryptography.

And further, new questions ..

5. Why NIST does not even want to hear about ECC with an increased key length as a candidate for a post-quantum system.

Let me remind you that a key with a length of 521 bits ECC is equal to a reliability of 256 bits AES. But AES-256 remains a post-quantum system of the future, because no quantum computer will be able to completely enumerate a number of 256 bits.

But in ECC as much as 521 bits !!!

So, ECC breaks down not only with brute force attack, but also somehow, and that means mathematically !!!

Moreover, to increase the key length by 2 times in the ECC encryption paradigm is not a problem and a burden on modern processors.

However, they do not.

Moreover, they claim that this system (including RSA) breaks with any key length, if it breaks with a standard key length. This is not what I say, but people, professors in cryptography, people with a name, authorities in the world of encryption.

What does it mean?

Only one thing - these household systems are broken mathematically, by cryptanalysis.

6. I also learned (from a lecture by a respected mathematician-cryptographer) the following:

- some classes of elliptic curves are weak; - if you look at the standard NIST curves, you can see that they are verifiable random;

- if you read the Wikipedia page about the principle "there is nothing in the sleeves", you will notice that:

1) random numbers for MD5 are obtained from the sine of integers.

2) random numbers for Blowfish are obtained from the first numbers $ \ pi $.

3) random numbers for RC5 are obtained from $ e $ and the golden ratio.

These numbers are random because their numbers are evenly distributed. And they do not cause suspicion, because they have a justification.

Now the following question arises: where do the random generating values for the NIST curves come from?

Answer: unfortunately, we do not know.

These values have no justification.

Is it possible that NIST discovered a “significantly large” class of weak elliptic curves, tried various possible variants of generating values, and found a vulnerable curve? I can not answer this question, but it is a logical and important question.

What is the reason for this distrust of such a respected organization?

But on what:

“We know that NIST has at least successfully standardized a vulnerable random number generator (a generator that, oddly enough, is based on elliptic curves).

Perhaps he has successfully standardized many weak elliptic curves as well? How to check it? No way.

It is important to understand that “verifiable random” and “protected” are not synonyms. It doesn’t matter how complicated the logarithm task is or how long the keys are - if the algorithms are hacked, then there is nothing we can do.

In this regard, the RSA wins because it does not require special domain parameters that can be exploited. RSA (like other modular arithmetic systems) can be a good alternative if we cannot trust the authorities and if we cannot create our own parameters for the definition domain.

And if you're curious: yes, TLS can use NIST curves. If you check in google, you will see that when connecting, ECDHE and ECDSA are used with a certificate based on prime256v1 (aka secp256p1).

I am not a cryptographer and not a mathematician, not a scientist or a university teacher. No one is interested in my opinion and I have no authority.

But I do not consider myself an idiot and do not really trust the universal approved opinion of the herd. I try to draw conclusions.

If you are not tired of this topic, here are the arguments in my favor, the second post for December 4:

https://bitcointalk.org/index.php?topic=5204368.40