•All NIST and IPSec
international standards elliptic curves have cmax= 1
•(except NIST P-256 which has cmax= 3)
•(and the NIST K family of Koblitz
curves, which a
priori have large cmax )
measure of how hard it is to reduce DLOG on a curve to other curves overFqwhich have the same number of points.
Since it is small, this
means that the NIST and IPSec curves (aside from the K curves)
lie on the simplest levels.Their DLOG
problems are therefore random reducible to all other typical
curves on those levels.
Hence their DLOGs are no easier or harder than those for typical curves.No “Conspiracy”.