[13165] in cryptography@c2.net mail archive
[Factoring] TWIRL and RSA key sizes
daemon@ATHENA.MIT.EDU (Trei, Peter)
Fri May 2 21:27:39 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: "'cypherpunks@lne.com'" <cypherpunks@lne.com>,
"'cryptography@metzdowd.com'" <cryptography@metzdowd.com>
Date: Fri, 2 May 2003 15:51:24 -0400
This just came to me over one of our internal mailing lists.
It may be of interest.
Peter Trei
RSA Security
---------------------
> A new technical note on Adi Shamir's "TWIRL" design for integer
> factorization has just been posted on the RSA Labs site, at
> http://www.rsasecurity.com/rsalabs/technotes/twirl.html.
>
> Executive Summary: The popular 1024-bit key size for RSA
> keys is becoming the next horizon for researchers in integer
> factorization, as demonstrated by the innovative "TWIRL"
> design recently proposed by Adi Shamir and Eran Tromer.
> The design confirms that the traditional assumption that a
> 1024-bit RSA key provides comparable strength to an 80-bit
> symmetric key has been a reasonable one. Thus, if the 80-bit
> security level is appropriate for a given application, then TWIRL
> itself has no immediate effect. Many details remain to be
> worked out, however, and the cost estimates are inconclusive.
> TWIRL provides an opportunity for review of key sizes in
> practice; RSA Laboratories' revised recommendations are
> given in Table 1 below.
>
> -- Burt
>
>
>
>
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com