Re: [Uta] updated I-Ds

Watson Ladd <watsonbladd@gmail.com> Tue, 25 February 2014 21:35 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/uta/wSmL3ujLoMbiDfyLXzCIXp0lJVI

On Feb 25, 2014 12:55 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>
wrote:
>
> On 02/13/2014 02:51 PM, Watson Ladd wrote:
> > Currently a 530 bit prime can be done effectively with 3 core years of sieving.
>
> do you mean "a 530 bit composite can be factored…" here?

No, I mean that a discrete logarithm in G_m modulo a 530 bit prime can be
computed in 3 core years of work.

This is different from RSA, but closely related. I looked up the record on
Wikipedia.
>
> the CADO-NFS team reports roughly 6 core-years for RSA-155, a 512-bit
> number:
>
>  http://cado-nfs.gforge.inria.fr/#feat
>
> so that's in the same ballpark.  But:
>
> > This implies that a 1024 bit prime will take approximately 10.5 core years,
> > and 2048 bits 15 core years.
>
> These are alarmingly short estimates, given the parallelizability of GNFS.
>
> Recent work (also with CADO-NFS):
>
>   http://maths-people.anu.edu.au/~bai/paper/rsa704.pdf
>
> suggests 12 core years for polynomial selection for RSA-704, and 500 CPU
> years for sieving.
>
> Can you explain your estimate of 10.5 core years for RSA-1024 or 15 core
> years for RSA-2048?

I redid the arithmetic and it looks like I was off/made a typo. Take
L(n)=c*e^{(log n)^a*(loglog n)^(1-a)} with a 1/3, figure out the constant,
and plug in the lengths.

Redoing it I get 8000 core years for DH modulo a 1024 bit prime and about 4
billion core years for 2048 bit prime.

The point is DHE with the 1024 bit prime is much weaker than other
algorithms being considered.
Sincerely,
Watson Ladd
>
> Regards,
>
>         --dkg
>
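
The extrapolation described in the message above (fit the constant c at a known data point, then plug in other lengths), as an added example that is not part of the original e-mail. It assumes natural logarithms, a = 1/3, the 530-bit / 3 core-year point from the thread as calibration, and no o(1) term; the function names and the second column using the usual heuristic GNFS constant (64/9)^(1/3) are assumptions added for comparison.

```python
import math


def nfs_exponent(bits, a=1 / 3, k=1.0):
    """Return k * (ln n)^a * (ln ln n)^(1-a) for an n of the given bit length."""
    ln_n = bits * math.log(2)
    return k * ln_n ** a * math.log(ln_n) ** (1 - a)


def extrapolate(target_bits, ref_bits, ref_core_years, a=1 / 3, k=1.0):
    """Fit c at the reference point and evaluate L(n) at target_bits.

    With L(n) = c * e^E(n), c cancels into a ratio:
    cost(target) = cost(ref) * e^(E(target) - E(ref)).
    """
    delta = nfs_exponent(target_bits, a, k) - nfs_exponent(ref_bits, a, k)
    return ref_core_years * math.exp(delta)


# Calibration point quoted in the thread: 530-bit discrete log, 3 core years.
REF_BITS, REF_YEARS = 530, 3.0
# Heuristic GNFS exponent constant; an assumption, it does not appear in the e-mail.
GNFS_K = (64 / 9) ** (1 / 3)


def table(sizes=(530, 704, 1024, 2048)):
    """Rows of (bits, core-years with k=1, core-years with k=GNFS_K)."""
    return [
        (
            bits,
            extrapolate(bits, REF_BITS, REF_YEARS),
            extrapolate(bits, REF_BITS, REF_YEARS, k=GNFS_K),
        )
        for bits in sizes
    ]


if __name__ == "__main__":
    print(" bits   k=1 (formula as written)   k=(64/9)^(1/3)")
    for bits, plain, gnfs in table():
        print(f"{bits:5d}   {plain:22.3e}   {gnfs:14.3e}")
```

With the exponent constant left at 1, the formula as written gives roughly 7,900 core years at 1024 bits and roughly 4 × 10^8 at 2048 bits; with the GNFS constant both figures grow by several orders of magnitude, which shows how sensitive this kind of extrapolation is to the constant in the exponent.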