[145945] in cryptography@c2.net mail archive
Re: 2048 bits, damn the electrons! [rt@openssl.org: [openssl.org
daemon@ATHENA.MIT.EDU (Jack Lloyd)
Thu Sep 30 21:25:33 2010
Date: Thu, 30 Sep 2010 21:09:18 -0400
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <20100930173238.GA19068@panix.com>
On Thu, Sep 30, 2010 at 01:32:38PM -0400, Thor Lancelot Simon wrote:
> On Thu, Sep 30, 2010 at 05:18:56PM +0100, Samuel Neves wrote:
> >
> > One solution would be to use 2048-bit 4-prime RSA. It would maintain the
> > security of RSA-2048, enable the reusing of the modular arithmetic units
> > of 1024 bit VLSI chips and keep ECM factoring at bay. The added cost
> > would only be a factor of ~2, instead of ~8.
>
> This is a neat idea! But it means changing the TLS standard, yes?
It would not require changing the standard, since the only way to tell
that my RSA modulus N is a factor of 4 primes rather than 2 primes is
to, well, factor it. And if one can do that there are bigger issues,
of course.
However multi-prime RSA is patented in the US; by Compaq (now HP) I
believe? US patent 7231040, applied for in 1998, so in force for at
least 5 more years if not more. I don't know if there are patents on
this in non-US locales.
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
