On Wed, Jun 20, 2012 at 10:07 AM, James Muir <[email protected]> wrote: > On 12-06-19 08:51 PM, Jonathan Katz wrote: >> Anyone know any technical details about this? From the news reports I've >> seen, it's not even clear to me what, exactly, was broken. >> >> http://www.pcworld.com/businesscenter/article/257902/researchers_set_new_cryptanalysis_world_record_for_pairingbased_cryptography.html >> > > There is more detail here: > > http://www.nict.go.jp/en/press/2012/06/18en-1.html > > See the subsection "Target problem and the solution" about halfway down. > > The field was GF(3^97) and the curve was y^2=x^3-x+1. The discrete log > problem was created using the eta pairing and the constants \pi and e. >
"NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms." So according to NIST solving a 923b ECC is like brute-forcing a 461b bit symmetric key (I assume in a perfect cipher?). Of course there are weak keys in almost any system e.g. badly implemented RSA picking p=q I wonder if a weak-key scenario has occurred, or if this is a genuine generalized mathematical advance? Comments from ECC experts? _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
