On Thu, Sep 30, 2010 at 01:32:38PM -0400, Thor Lancelot Simon wrote: > On Thu, Sep 30, 2010 at 05:18:56PM +0100, Samuel Neves wrote: > > > > One solution would be to use 2048-bit 4-prime RSA. It would maintain the > > security of RSA-2048, enable the reusing of the modular arithmetic units > > of 1024 bit VLSI chips and keep ECM factoring at bay. The added cost > > would only be a factor of ~2, instead of ~8. > > This is a neat idea! But it means changing the TLS standard, yes?

It would not require changing the standard, since the only way to tell that my RSA modulus N is a factor of 4 primes rather than 2 primes is to, well, factor it. And if one can do that there are bigger issues, of course. However multi-prime RSA is patented in the US; by Compaq (now HP) I believe? US patent 7231040, applied for in 1998, so in force for at least 5 more years if not more. I don't know if there are patents on this in non-US locales. -Jack --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com