[Cryptography] WhatsApp, Curve25519 workspace etc.

dj at deadhat.com
Tue May 3 16:49:53 EDT 2016


> On Tue, 2016-05-03 at 07:33 +0300, Ismail Kizir wrote:
>
>> Especially considering we're talking about 10-20 years future, my
>> humble opinion, 128 bit workspace is "highly suspicious".
>
> Well, if you want something larger, there are other Edwards curves you
> can use; for example, Curve41417:
>
> https://pure.tue.nl/ws/files/3937646/687849301558882.pdf
>
> The nice part about modern cryptography is that you are free to choose
> the security / computation cost trade-off that makes sense for you.
>


I rather like 128 bits for a key size. Especially when the data size is
also 128 bits. This may be mostly because I implement crypto in hardware.

For an O(2**128) problem being attacked by 100,000,000 custom circuits in an
NSA data center, each circuit trying 10,000,000,000 combinations a second
(parameters we might hypothetically reach in 20 years if we're
optimistic), it would take 10,790,283,070,806 years to complete. So my
estimate of attack strength could be off by a factor of 1,000,000 and we
still would be ok. I'd really like to get the contract for supplying those
chips.

The odds of a cryptographic attack seem higher than those of a brute force attack.

I am unafraid of quantum computers. They cannot and will not happen in the
way imagined by the media. I'm having some of my time occupied in
'preparing' for quantum computers. I think it'll be a backwards step,
moving us away from simple public key schemes to really complex ones that
will be more vulnerable to cryptographic failures that would not happen to
say Curve25519.

If you're increasing the key strength to 256 or 512 bits to increase
security, you are failing to achieve your goals. Your weakest link lies
elsewhere and by focusing on key size beyond 128 bits, you are missing the
opportunity to address the weakest link, or spending extra time lobbying
NIST for 256 bit block sizes in their block ciphers (am I the only one
doing this?).
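The brute-force estimate in the post above, reworked as an added example (not code from the original message or its author): it generalizes the author's arithmetic to any key size and attacker budget using exact rational arithmetic, and also computes the "factor by which the attacker estimate can be wrong" margin the post mentions. The attacker parameters (10^8 circuits at 10^10 guesses/s each) are the post's hypothetical figures; the 365-day year is assumed because it reproduces the post's 10,790,283,070,806-year result exactly.

```python
from fractions import Fraction

# Assumption: the post's figure uses a 365-day year (365 * 86400 s); that is
# the only convention that reproduces 10,790,283,070,806 years exactly.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60

# Hypothetical attacker from the post: 10^8 custom circuits, each trying
# 10^10 keys per second. Not real hardware figures.
POST_CIRCUITS = 10**8
POST_GUESSES_PER_SECOND = 10**10


def attacker_rate(circuits, guesses_per_second_per_circuit):
    """Total keys tried per second by the whole attacker, as an exact integer."""
    return circuits * guesses_per_second_per_circuit


def brute_force_years(key_bits, circuits, guesses_per_second_per_circuit):
    """Years to exhaust the full 2**key_bits keyspace (worst case for the attacker).

    Exact Fraction so large keyspaces (2**256) do not lose precision to floats.
    """
    keyspace = 2**key_bits
    per_year = attacker_rate(circuits, guesses_per_second_per_circuit) * SECONDS_PER_YEAR
    return Fraction(keyspace, per_year)


def expected_brute_force_years(key_bits, circuits, guesses_per_second_per_circuit):
    """Average case: the right key is found after half the keyspace on average."""
    return brute_force_years(key_bits, circuits, guesses_per_second_per_circuit) / 2


def safety_margin(key_bits, circuits, guesses_per_second_per_circuit, acceptable_years):
    """Factor by which the attacker estimate may be too low before the keyspace
    becomes searchable within acceptable_years. A margin of 10**6 means the
    attacker could be a million times stronger than assumed and still fail."""
    return brute_force_years(key_bits, circuits, guesses_per_second_per_circuit) / acceptable_years


def required_rate_for(key_bits, years):
    """Keys per second an attacker would need to exhaust 2**key_bits in `years`."""
    return Fraction(2**key_bits, years * SECONDS_PER_YEAR)


if __name__ == "__main__":
    for bits in (80, 128, 256):
        yrs = brute_force_years(bits, POST_CIRCUITS, POST_GUESSES_PER_SECOND)
        print(f"{bits:>3}-bit key: {float(yrs):.4e} years for the post's attacker")
    # Margin against the post's "off by a factor of 1,000,000" remark, taking
    # 10**7 years (far beyond any deployment lifetime) as the acceptable bound.
    print("margin @128 bits:", float(safety_margin(128, POST_CIRCUITS, POST_GUESSES_PER_SECOND, 10**7)))
    print("rate needed to break 128 bits in 20 years:", float(required_rate_for(128, 20)))
```

Running it reproduces the post's figure for 128 bits (the integer part is 10,790,283,070,806) and shows that going to 256 bits multiplies the time by 2**128, which is why the post argues the extra bits buy nothing against this attacker model; the margin for 128 bits against a 10-million-year bound is about 10**6, matching the post's remark.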


