[1424] in cryptography@c2.net mail archive
Diffie Hellman timings
daemon@ATHENA.MIT.EDU (Bill Frantz)
Fri Sep 5 19:08:04 1997
Date: Fri, 5 Sep 1997 12:24:43 -0700
To: cryptography@c2.net, coderpunks@toad.com
From: Bill Frantz <frantz@netcom.com>
Cc: frantz@communities.com (Bill Frantz)
Diffie Hellman requires 2 modular exponentations on each side for a key
exchange. My preliminary testing indicates that if the exponent and
modulus are both 1024 bits, this operation takes about a second on a 166
MHz Pentium. A 1024 bit modulus and a 512 bit exponent take about 1/2
second. I think the following argument will allow us to speed up the first
modExp.
Assume we are using Diffie Hellman to derive 3 independent keys for 3DES.
For this use we need 56*3 ==> 168 bits of entropy. If each side
contributes 84 bits of entropy, this allows us to limit the exponent of the
first Diffie Hellman modular exponentation to 84 bits. The expected size
for the second modExp exponent will be about the size of the modulus, so it
will represent the bulk of the time.
Does anyone have insight into the validity of the above argument. I.e., Is
it safe?
-------------------------------------------------------------------------
Bill Frantz | The Internet was designed | Periwinkle -- Consulting
(408)356-8506 | to protect the free world | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments. | Los Gatos, CA 95032, USA
