Beyond Curve25519

Hanno Böck hanno at
Thu Jan 15 21:53:33 CET 2015

On Thu, 15 Jan 2015 12:54:58 +0100
Milan Kral <milan.kral at> wrote:

> the security of Curve25519 is about 2^125. Are there plans to
> implement stronger ECC in GnuPG? Good candidate would be E-521, it's
> one of the recommended curves on

I find the search for "better than curve25119 curves" quite

If you're really looking for something stronger you likely want
something post-quantum. However the trouble with post quantum is that
right now nobody really has any confidence in any of the algorithms.
But people work on that, there's been some nice progress lately.

Realistically: Nobody is every going to break 128 bit security level.
When curve25519 breaks it'll very likely be because of quantum
computers. But then e-521 will only provide very little extra

Hanno Böck

mail/jabber: hanno at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150115/a61228c2/attachment.sig>

More information about the Gnupg-devel mailing list