On Thu, Sep 30, 2010 at 01:32:38PM -0400, Thor Lancelot Simon wrote:
> On Thu, Sep 30, 2010 at 05:18:56PM +0100, Samuel Neves wrote:
> > 
> > One solution would be to use 2048-bit 4-prime RSA. It would maintain the
> > security of RSA-2048, enable the reusing of the modular arithmetic units
> > of 1024 bit VLSI chips and keep ECM factoring at bay. The added cost
> > would only be a factor of ~2, instead of ~8.
> This is a neat idea!  But it means changing the TLS standard, yes?

It would not require changing the standard, since the only way to tell
that my RSA modulus N is a factor of 4 primes rather than 2 primes is
to, well, factor it. And if one can do that there are bigger issues,
of course.

However multi-prime RSA is patented in the US; by Compaq (now HP) I
believe? US patent 7231040, applied for in 1998, so in force for at
least 5 more years if not more. I don't know if there are patents on
this in non-US locales.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to