2048 bits, damn the electrons! [rt at openssl.org: [openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits]
Jack Lloyd
lloyd at randombit.net
Thu Sep 30 21:09:18 EDT 2010
On Thu, Sep 30, 2010 at 01:32:38PM -0400, Thor Lancelot Simon wrote:
> On Thu, Sep 30, 2010 at 05:18:56PM +0100, Samuel Neves wrote:
> >
> > One solution would be to use 2048-bit 4-prime RSA. It would maintain the
> > security of RSA-2048, enable the reusing of the modular arithmetic units
> > of 1024 bit VLSI chips and keep ECM factoring at bay. The added cost
> > would only be a factor of ~2, instead of ~8.
>
> This is a neat idea! But it means changing the TLS standard, yes?
It would not require changing the standard, since the only way to tell
that my RSA modulus N is a factor of 4 primes rather than 2 primes is
to, well, factor it. And if one can do that there are bigger issues,
of course.
However multi-prime RSA is patented in the US; by Compaq (now HP) I
believe? US patent 7231040, applied for in 1998, so in force for at
least 5 more years if not more. I don't know if there are patents on
this in non-US locales.
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list