[10517] in cryptography@c2.net mail archive
Bernstein's fast factorization
daemon@ATHENA.MIT.EDU (Sidney Markowitz)
Wed Feb 27 12:52:56 2002
From: Sidney Markowitz <sidney@sidney.com>
To: Cryptography Mailing List <cryptography@wasabisystems.com>
In-Reply-To: <Pine.LNX.4.40.0202260832330.18597-100000@newbolt.sonic.net>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: 26 Feb 2002 16:06:19 -0800
Message-Id: <1014768380.1381.6.camel@siddhasana>
Mime-Version: 1.0
Someone on another mailing list pointed me to this posting by Dan
Bernstein on the sci.crypt newsgroup:
http://groups.google.com/groups?hl=en&selm=2002Jan1608.53.39.5497%40cr.yp.to
[begin quote]
From: D. J. Bernstein (djb@cr.yp.to)
Subject: Re: Strength of PGP vs SSL
Newsgroups: comp.security.pgp.discuss, sci.crypt, alt.security.pgp
Date: 2002-01-16 01:00:11 PST

Protecting against the http://cr.yp.to/papers.html#nfscircuit speedup
means switching from n-bit keys to f(n)-bit keys. I'd like to emphasize
that, at this point, very little is known about the function f. It's
clear that f(n) is approximately (3.009...)n for _very large_ sizes n,
but I don't know whether f(n) is larger than n for _useful_ sizes n.

I'd also like to emphasize that special-purpose hardware is useful for
much more than factorization. In fact, it's much easier to reduce cost
this way for secret-key cryptanalysis or elliptic-curve discrete log
than for factorization.
[end quote]
-- sidney