Thanks for the info! For busy readers, I suggest reading section 6.3 "Lessons". I will try to give a short summary (quote + paraphrase) of section 6.3:

1. 1024-bit primes should be considered insecure for cryptosystems based on the difficulty of computing discrete log.

2. Trapdoor for a 2048-bit key is roughly equivalent to computation for a 1340-bit key. This is safe for NOW, but the authors raise concern that these keys are likely to remain in wide use in the future, suggesting standardized primes should be publish with their seeds.

3. Dismissing the risk of trapdoored primes in the 90s appears to be a mistake, publishing the seed should be a requirement rather than optional.

Finally, I am studying elementary number theory right now. It is interesting to see how it is used!

Reply via email to