[147455] in cryptography@c2.net mail archive
Re: [Cryptography] RSA equivalent key length/strength
daemon@ATHENA.MIT.EDU (Paul Crowley)
Wed Oct 2 10:32:05 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <11546552-EF9E-4310-883F-8507C1EC2CDC@gmail.com>
From: Paul Crowley <paul@ciphergoth.org>
Date: Wed, 2 Oct 2013 14:54:18 +0100
To: John Kelsey <crypto.jmk@gmail.com>
Cc: cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============3958648043090224534==
Content-Type: multipart/alternative; boundary=bcaec521571b3e640604e7c26a8c
--bcaec521571b3e640604e7c26a8c
Content-Type: text/plain; charset=UTF-8
On 30 September 2013 23:35, John Kelsey <crypto.jmk@gmail.com> wrote:
> If there is a weak curve class of greater than about 2^{80} that NSA knew
> about 15 years ago and were sure nobody were ever going to find that weak
> curve class and exploit it to break classified communications protected by
> it, then they could have generated 2^{80} or so seeds to hit that weak
> curve class.
>
If the NSA's attack involves generating some sort of collision between a
curve and something else over a 160-bit space, they wouldn't have to be
worried that someone else would find and attack that "weak curve class"
with less than 2^160 work.
--bcaec521571b3e640604e7c26a8c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On 30 September 2013 23:35, John Kelsey <span dir=3D"ltr">=
<<a href=3D"mailto:crypto.jmk@gmail.com" target=3D"_blank">crypto.jmk@gm=
ail.com</a>></span> wrote:<br><div class=3D"gmail_extra"><div class=3D"g=
mail_quote">
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex">If there is a weak curve class of greater than about 2^{80=
} that NSA knew about 15 years ago and were sure nobody were ever going to =
find that weak curve class and exploit it to break classified communication=
s protected by it, then they could have generated 2^{80} or so seeds to hit=
that weak curve class.<br>
</blockquote><div><br></div><div>If the NSA's attack involves generatin=
g some sort of collision between a curve and something else over a 160-bit =
space, they wouldn't have to be worried that someone else would find an=
d attack that "weak curve class" with less than 2^160 work.</div>
</div></div></div>
--bcaec521571b3e640604e7c26a8c--
--===============3958648043090224534==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============3958648043090224534==--
