From ecb427ec03e9d17e0286dfbc3223c42d570f016d Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Wed, 8 Aug 2012 07:15:46 +0000
Subject: [PATCH] demote Brainpool ECC to Back Shelf and replace with Ed25519

[Imported from Trac: page Bibliography, version 68]
---
 Bibliography.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Bibliography.md b/Bibliography.md
index 52da974..63db3f0 100644
--- a/Bibliography.md
+++ b/Bibliography.md
@@ -28,7 +28,7 @@ the best provably secure hash based signature scheme.”
 
 #### Elliptic Curve Cryptography
 
-* [ECC Brainpool Standard Curves and Curve Generation](http://tools.ietf.org/html/draft-lochter-pkix-brainpool-ecc-03) new elliptic curve parameters which come with a proof that they were generated deterministically and pseudorandomly from the first few bits of Π, as well as proofs that they are immune to certain other potential cryptographic weaknesses.
+* [Ed25519](http://ed25519.cr.yp.to/) fast, well-engineered elliptic curve digital signatures by Daniel J. Bernstein
 * [On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography](http://eprint.iacr.org/2009/389) crypto gurus try to predict whether 160-bit elliptic curve crypto can be brute-force-cracked in the next decade.  They conclude: "Right now most certainly not: 2.5 billion PS3s or equivalent devices (such as desktops) for a year is way out of reach. In a decade, very optimistically incorporating 10-fold cryptanalytic advances, still millions of devices would be required, and a successful open community attack on 160-bit ECC even by the year 2020 must be considered very unlikely."
 * [The Certicom Challenges ECC2-X](http://eprint.iacr.org/2009/466) other crypto gurus launch an effort to brute-force-crack 130-bit and 160-bit ECC.
 
@@ -72,6 +72,7 @@ These are some references which are less interesting or relevant than the ones a
 ### Public Key Cryptography
 
 * [Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems](http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf) Scheme 1 in this paper comes with a tight reduction to the Computational Diffie-Hellman problem, which means it is definitely at least as secure as any discrete-log-based scheme and could be more secure. It also has a good pedigree (having been suggested by David Chaum et al. in 1989 and having been proven to tightly reduce to Computational Diffie-Hellman by Katz et al. in 2003). It also has a nice short public key, which could be good for fitting it into our capability security schemes.
+* [ECC Brainpool Standard Curves and Curve Generation](http://tools.ietf.org/html/draft-lochter-pkix-brainpool-ecc-03) new elliptic curve parameters which come with a proof that they were generated deterministically and pseudorandomly from the first few bits of Π, as well as proofs that they are immune to certain other potential cryptographic weaknesses.
 
 ### Miscellaneous