[Cryptography] [FORGED] Re: ratcheting DH strengths over time

Bill Cox waywardgeek at gmail.com
Mon Nov 16 04:24:37 EST 2015


On Sun, Nov 15, 2015 at 8:18 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Sun, Nov 15, 2015 at 8:25 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
> wrote:
>
>> [Citation needed]
>>
>> (Specifically, one that doesn't simply defer to numerology).
>
>
> It's faster and has smaller key sizes at the same security level.
>
> Not sure if that falls into your definition of "numerology", but key size
> does seem to be the "key" issue in this thread...
>

Yes, longer key sizes will resist quantum attacks longer.  My understanding
(which could easily be wrong) is that the difficulty of increasing the
number of qubits in a machine grows exponentially with the number of
qubits, which is why I think we'd see ECC keys attacked well before longer
EC and RSA keys.

I like the idea of auto-increasing the key sizes.  If this were somehow
block-chain based, difficulty could be a function of solving discrete log
problems of increasing size.  The otherwise wasted CPU cycles in mining
could be used to work on factoring or solving discrete logs.

It might be simpler to have everyone use a minimum of 2048-bit keys for now
for DH and RSA.

Bill