Undo deprecation of brainpool EC

Xuelei Fan xuelei.f at gmail.com
Tue Nov 15 16:02:30 UTC 2022


Hi Benjamin,

May I ask what sizes of brainpool curves are used in practice?

Thanks,
Xuelei

> On Nov 14, 2022, at 12:36 AM, benjamin.marwell at f-i.de wrote:
> 
> Hello everyone!
> 
> To our surprise, brainpool EC have been deprecated with Java 14+ [1].
> However, JDK-8234924 [1] does not add any information on WHY they would have been deprecated.
> In fact, neither NIST (USA) nor BSI (Germany) list them as deprecated.
> On the contrary, both institutions list them as an acceptable cipher.
> 
> As a matter of fact, the deprecation notice seems to have originated from bad wording.
> Please read this quote from Manfred Lochter, who works at the BSI:
> 
>> The unfortunate wording about the brainpool curves originated in TLS 1.3, 
>> however RFC 8734 makes the curves usable for TLS again.
>> We will continue to recommend the Brainpool curves.
>> It should also be noted that the arguments for the "modern formulas" have all been refuted by now.
>> Especially the implementation of Curve 25519 requires more effort to protect against SCA; 
>> the deterministic signatures are vulnerable to fault injection.
>> In the medium term, however, the switch to post-quantum cryptography is necessary; 
>> there are comprehensive recommendations on this at [2]
> 
> Now, the European banking and health industries still rely heavily on brainpool curves.
> Given all these facts, I hereby request to undo the deprecation of brainpool EC in OpenJDK.
> 
> Please let me know what led to the assumption that brainpool ciphers were deprecated.
> Neither NIST nor BSI seems to be the source. Given all the facts, it should still be included.
> 
> References:
> 
> [1]: https://bugs.openjdk.org/browse/JDK-8234924
> [2]: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/quantentechnologien-und-post-quanten-kryptografie_node.html 
> 
> Kind regards
> 
> Benjamin Marwell 
> 



