[Cryptography] New attacks on discrete logs?
David Johnston
dj at deadhat.com
Fri May 23 19:12:54 EDT 2014
On 5/22/2014 2:14 AM, Hanno Böck wrote:
>
> DSA, ElGamal, Diffie Hellmann, ECC-based crypto etc. are all still safe.
>
> So there are two things to learn from this research:
> a) If you invent a new cryptosystem, don't rely on discrete log
> hardness in finite fields of small characteristics.
> b) maybe (but very very unlikely) these results can be extended to
> discrete logs in general. Then lots of crypto is screwed. But most
> people who know this stuff don't think there's any chance this can be
> extended to normal discrete logs.
>
>
However, I have to think about what crypto to adopt for mass-market
chips; it takes a long time to get crypto into those chips, and those chips
persist in the market for a long time. So I have to imagine the worst
case that might occur in the next 6 or so years.
(a) was presented two weeks ago. I was there; it was the first
presentation of the week, we were all jetlagged, and the response was
rather muted compared to the breathless press articles. But it's one in
a series of findings. They're digging a rich seam and I expect the bounds
to be expanded.
What I see is a chipping away at some curves and at the DLP in some
classes of finite fields in some contexts. GF(2^n) is very popular due
to its engineering simplicity. Extend that a few years and there is a
risk that the attacks against the DLP might become more general and the
small-characteristic limit might become less small. I don't consider (b)
to be so very unlikely, or at least it's not something to bet billions
of dollars of business on.
So that tells me:
1) If RSA is fine, use it.
2) If you do things in fields (EC etc.), use prime fields.
3) Be skeptical of new schemes. The world of small things is throwing up
lots of these 'resource constrained' solutions.
From a 'crypto is fun' perspective, ECC and EDH are great. From a
laying down silicon perspective, they're rather scary.