This is a technical but quite informative article, nominally about which elliptic curves have good security properties, but also discusses the intentions behind using EC instead of older systems like RSA (basically, EC is safer against some known classes of attacks).
Posting partly because EC vs RSA came up here a few days ago.
Thanks for sharing !! Very difficult to read through and way to much math overhead for my non-educated brain… However, I like reading those kind of statements:
Similarly, regarding the NIST curves, NIST wrote the following in 2019 [183]: NIST is not aware of any vulnerabilities to attacks on these curves when they are implemented correctly and used as described in NIST standards and guidelines. Regarding better curves, [183] wrote that “their designers claim that they offer better performance and are easier to implement in a secure manner”; [183] did not cite any of the literature demonstrating the performance benefits and ease of secure implementation of these curves, and did not mention the likelihood and consequences of insecure implementation of the NIST curves.
NSA: “Trust me bro”
Bitcoin uses NIST P256 iirc, so you can possibly turn implementation mistakes into cash. :)
See also Section 7.3 and Appendix C (and the BADA55 Crypto paper that the email in Appendix C refers to).