Given the recent debate about security levels for different key sizes, the following paper by Lenstra, Kleinjung, and Thome may be of interest:
"Universal security from bits and mips to pools, lakes and beyond" http://eprint.iacr.org/2013/635.pdf >From now on I think anyone who wants to argue about resistance to NSA attack should be required to rate their pet scheme in terms of neerslagverdampingsenergiebehoeftezekerheid (although I'm tempted to suggest the alternative tausendliterbierverdampfungssicherheit, it'd be too easy to cheat on that one). Peter. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
