[cryptography] cryptanalysis of 923-bit ECC?

Jon Callas jon at callas.org
Fri Jun 22 13:54:40 EDT 2012

Hash: SHA1

On Jun 22, 2012, at 2:01 AM, James A. Donald wrote:

> On 2012-06-22 6:21 PM, James A. Donald wrote:
>>> Is this merely a case where 973 bits is equivalent to ~60 bits symmetric?
> As I, not an authority, understand this result, this result is not "oops, pairing based cryptography is broken"
> It is "oops, pairing based cryptography requires elliptic curves over a slightly larger field than elliptic curve based cryptography does"

Indeed. So kudos to the Fujitsu guys, and we make the curves bigger. Even 77 bits is really too small for serious work.

Does anyone know what the ratio is for equivalences, either before or after?

The usual rule of thumb is 2x bits for symmetric security equivalence on hashes and normal ECC, with integer public keys being 1024 maps to 80 symmetric, 2048 to 112, and 3K to 128.

What creates the 953 -> 153 relation? Then of course there's the obvious 153 halved, but do we know at all how we'd compensate for the new result?


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii


More information about the cryptography mailing list