ECC

[Werner Koch]

On Fri, 04 Nov 2005 19:32:07 +0100, markus reichelt said:

> I put the speculations aside and stick with the fact that the NSA
> recommends ECC for government use. That's enough for _me_.

There is a rationale reason why NIST (not the NSA) will go for ECC:

The forthcoming extended DSA versions using longer hash values will
require much longer RSA keys (e.g. 3072 bit for SHA-256).  This is due
to NIST's estimated relations between key and hash sizes for balanced
attack costs.

The downside of these new DSA variants is that implementing 3k RSA on
small devices is close to impossible.  Thus they need to switch to ECC
to gain similar security with the ability to implement it on smart
cards.


Shalom-Salam,

   Werner