Comparison of RSA vs elliptical keys

Stefan Claas sac at
Tue May 12 18:41:27 CEST 2020

Sylvain Besençon via Gnupg-users wrote:
> Le 12.05.20 à 11:24, Johan Wevers a écrit :
> > On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote:
> > 
> >> For example, a 256 bit elliptic curve key has a similar strength
> >> to a symmetric key of 128 bits.
> > 
> > Until, of course, a working quantum computer with more than a few
> > qubits is constructed. Then ECC is much more vulnerable than RSA or
> > ElGamal due to its smaler keysize (of course once a 256 bit quantum
> > computer gets constructed I would also worry about 8192 bit RSA
> > being vulnerable too in the very near future).
> > 
> Hi,
> In the FAQ, it is written:
> > Will GnuPG ever support RSA-3072 or RSA-4096 by default?
> > Probably not. The future is elliptical-curve cryptography, which
> > will bring a level of safety comparable to RSA-16384. Every minute
> > we spend arguing about whether we should change the defaults to
> > RSA-3072 or more is one minute the shift to ECC is delayed.
> > Frankly, we think ECC is a really good idea and we’d like to see it
> > deployed as soon as humanly possible. 
> (
> So, I guess the key size is not the only criteria to evaluate the 
> strength of a cipher and ECC still provides better results despite 
> shorter keys.
> However, I would be interested to know which ECC cipher would you 
> recommend to replace RSA. I am not a cryptographer and I don't find
> any information (or more honestly: information that I can understand)
> about Curve 25519, NIST P-256 (and greater), Brainpool, or secp256k1.

I am no cryptographer either, but what I have observed is that most
apps nowadays use djb's Curve 25519. secp256k1 could be interesting
if you have a Bitcoin Wallet or use Bitmessage and want to use those
GnuPG subkeys also for Bitcoin transactions[1], or for Bitmessage.

[1] I once send Niibe-san (GnuPG dev.) some Satoshi to his Bitcoin
address, which he has as GnuPG sec256k1 subkey.


Signal (Desktop) +4915172173279

More information about the Gnupg-users mailing list