-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jun 22, 2012, at 11:20 AM, Samuel Neves wrote:
>
> Not exactly. If the target is ~80-bit security, ~160-bit elliptic curves are
> still fine, even for pairing-based crypto. The failure there was the choice
> of the particular *field* and *curve parameters*. Namely, choosing both the
> characteristic (3) and the embedding degree (6) to be small left it open to
> faster attacks.
Yeah, but we're all supposed to retire 80-bit crypto.
I'm well aware of my own lackadaisicalness in this regard (to wit, the 1024-bit
DSA key that this message is signed with). That doesn't make the point invalid,
it only means that I am a sinner, too.
I'm interested in knowing what the equivalent values for uprating are, and the
rationales for them.
If ~1000 bit pairing is equivalent to 80 bits, what's equivalent to 128?
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1
wj8DBQFP5N6CsTedWZOD3gYRAlBZAKDf1Yl6Z9sw7HY2kZYSJos8QAaa8ACfYFEO
6UmICgYZia5H9rw2b9IVTM8=
=SUPa
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
