[gnutls-devel] GnuTLS | Ed448 keys are indicated as having a 456-bit "security level" (#1231)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon May 10 22:27:34 CEST 2021
Daniel Kahn Gillmor commented:
528 for secp521r1 is definitely rounding to an even number of octets.
but 448→456 isn't - that's going from 56 octets (even) to 57 octets (even). so that's an additional full 8 bits.
I do note that these "bits of security" numbers for ECC are all a little weird -- if they're intended to indicate comparable "symmetric strength" then they're actually double what they should be (curve448 should be comparable to 224-bit symmetric algorithms.
Even [wikipedia](https://en.wikipedia.org/wiki/Curve448) says:
> In cryptography, Curve448 or Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1231#note_571867781
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel