Bernstein's fast factorization
Sidney Markowitz
sidney at sidney.com
Tue Feb 26 19:06:19 EST 2002
Someone on another mailing list pointed me to this posting by Dan
Bernstein on the sci.crypt newsgroup:
http://groups.google.com/groups?hl=en&selm=2002Jan1608.53.39.5497%40cr.yp.to
[begin quote]
From: D. J. Bernstein (djb at cr.yp.to)
Subject: Re: Strength of PGP vs SSL
Newsgroups: comp.security.pgp.discuss, sci.crypt, alt.security.pgp
Date: 2002-01-16 01:00:11 PST
Protecting against the http://cr.yp.to/papers.html#nfscircuit speedup
means switching from n-bit keys to f(n)-bit keys. I'd like to emphasize
that, at this point, very little is known about the function f. It's
clear that f(n) is approximately (3.009...)n for _very large_ sizes n,
but I don't know whether f(n) is larger than n for _useful_ sizes n.
I'd also like to emphasize that special-purpose hardware is useful for
much more than factorization. In fact, it's much easier to reduce cost
this way for secret-key cryptanalysis or elliptic-curve discrete log
than for factorization.
[end quote]
-- sidney
---------------------------------------------------------------------
The Cryptography Mailing List