[gnutls-devel] GnuTLS | Ed448 keys are indicated as having a 456-bit "security level" (#1231)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon May 10 22:27:34 CEST 2021

Daniel Kahn Gillmor commented:

528 for secp521r1 is definitely rounding to an even number of octets.

but 448→456 isn't - that's going from 56 octets (even) to 57 octets (even).  so that's an additional full 8 bits.

I do note that these "bits of security" numbers for ECC are all a little weird -- if they're intended to indicate comparable "symmetric strength" then they're actually double what they should be (curve448 should be comparable to 224-bit symmetric algorithms.

Even [wikipedia](https://en.wikipedia.org/wiki/Curve448) says:

> In cryptography, Curve448 or Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1231#note_571867781
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210510/5705032f/attachment.html>

More information about the Gnutls-devel mailing list