[Cryptography] We need a new encryption algorithm competition.

Jerry Leichter leichter at lrw.com
Mon Mar 17 06:51:26 EDT 2014


On Mar 16, 2014, at 7:45 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> >I don't buy that contention.  It certainly doesn't describe the relationship of EC to RSA - I haven't heard any claims that EC is inherently more secure than RSA (in fact one might argue that the underlying hard problem in EC is less well-understood than the one in RSA); rather, the claim is that RSA is becoming too slow to be practical to retain adequate security in the face of advances in attacks, while EC gets by with much smaller keys (hence gets much better performance) at the required level of security.
> It isn't that EC is stronger; the reason it is interesting is that RSA key size stops delivering interesting improvements in strength after about 2048 bits.
That contention is new to me; reference?  I've seen nothing to indicate RSA doesn't continue to scale in strength exactly as it always has as far out as you'd like to go.  It's just that even at 2048 it's becoming rather resource-heavy.

> >A fallback for AES with significantly worse performance simply wouldn't be used.  People put as much hardware as needed out there to solve a problem; they don't add a whole bunch extra "just in case".
> 
> Not any more, it's now a cloud thing. If more computing grunt is required they will up their server farm size as necessary to deploy it.
As Martin Minow, a long-departed friend of mine, put it years ago:  Virtual memory is fine if you want to do virtual work.

Server farms are built of real hardware that someone has to buy with real money.  They may be a very large resource, but they are not an infinite resource.

Besides ... (a) they don't do anything to improve single-stream performance; (b) they are of no help on the client side.

                                                        -- Jerry


