[cryptography] cryptanalysis of 923-bit ECC?
jon at callas.org
Fri Jun 22 17:07:07 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
On Jun 22, 2012, at 11:20 AM, Samuel Neves wrote:
> Not exactly. If the target is ~80-bit security, ~160-bit elliptic curves are still fine, even for pairing-based crypto. The failure there was the choice of the particular *field* and *curve parameters*. Namely, choosing both the characteristic (3) and the embedding degree (6) to be small left it open to faster attacks.
Yeah, but we're all supposed to retire 80-bit crypto.
I'm well aware of my own lackadaisicalness in this regard (to wit, the 1024-bit DSA key that this message is signed with). That doesn't make the point invalid, it only means that I am a sinner, too.
I'm interested in knowing what the equivalent values for uprating are, and the rationales for them.
If ~1000 bit pairing is equivalent to 80 bits, what's equivalent to 128?
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
-----END PGP SIGNATURE-----
More information about the cryptography