I don't understand the last few posts here. In the paper linked to by Samuel Neves:
http://eprint.iacr.org/2012/042 Table 3, towards the top. (I read that as 2^53 steps.) So to me, the recent result is "we verified computationally that our analysis is correct". Maybe my brain is too simple. BBB On Fri, Jun 22, 2012 at 10:54 AM, Jon Callas <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Jun 22, 2012, at 2:01 AM, James A. Donald wrote: > >> On 2012-06-22 6:21 PM, James A. Donald wrote: >>>> Is this merely a case where 973 bits is equivalent to ~60 bits symmetric? >> >> As I, not an authority, understand this result, this result is not "oops, >> pairing based cryptography is broken" >> >> It is "oops, pairing based cryptography requires elliptic curves over a >> slightly larger field than elliptic curve based cryptography does" > > Indeed. So kudos to the Fujitsu guys, and we make the curves bigger. Even 77 > bits is really too small for serious work. > > Does anyone know what the ratio is for equivalences, either before or after? > > The usual rule of thumb is 2x bits for symmetric security equivalence on > hashes and normal ECC, with integer public keys being 1024 maps to 80 > symmetric, 2048 to 112, and 3K to 128. > > What creates the 953 -> 153 relation? Then of course there's the obvious 153 > halved, but do we know at all how we'd compensate for the new result? > > Jon > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Universal 3.2.0 (Build 1672) > Charset: us-ascii > > wj8DBQFP5LFxsTedWZOD3gYRAi2oAKDTs9aRZVTc2IoFlaKPbEJw9pd6jACeOSqe > WMl+TXGl/i+KHfW9p88dxHA= > =0+9/ > -----END PGP SIGNATURE----- > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
