Long Key Performance

Enzo Michelangeli em at who.net
Sun Apr 21 13:36:02 CEST 2002


----- Original Message -----
From: "Justin Troutman" <justinrt at bellsouth.net>
To: <gnupg-devel at gnupg.org>
Sent: Sunday, 21 April, 2002 11:53 AM
Subject: Re: Long Key Performance


[...]
> > Current estimates seems to assume that 256-bit ciphers like Rijndael-256
> are
> > as hard to break as 16Kbit RSA or DH keys (and about 512-bit ECC keys);
>
> With rising in key sizes among symmetrical and asymmetrical, it's not
> accurate to assume that you'd need a 16kbit RSA/DH key to correspond to a
> 256-bit Rijndael key. The attack schemes and security levels on these two
> different systems
> are quite different in that comparing them is somewhat irrelevant after a
> certain point.

NIST, in the document
http://csrc.nist.gov/encryption/dss/ecdsa/NISTReCur.pdf , explicitly
suggests that for ECC keys one should use a number of bits roughly double
than the symmetric cipher's keysize; and Certicom in 1999 (see e.g.
http://www.scramdisk.clara.net/pgpfaq.html#SubElliptic ) published the
following table of comparison:

Block Cipher Keylength  RSA Key Length  EC Key Length
 80                      1024           160
112                      2048           224
128                      3072           256
192                      7680           384
256                     15360           512

Enzo

P.S.: For Anonymous: I can't reply to your private mail unless you let me
have either an e-mail address or a nym, and your PGP key.





More information about the Gnupg-devel mailing list