[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Larger DH groups?



Support for 256-bit keys implies a strong belief in quantum computing (mentioned
positively at the NIST press conference).

Hilarie

>>> "Simon Blake-Wilson" <sblakewilson@certicom.com> 10/05/00 10:08AM >>>

Diffie-Hellman is a cubic operation, so I believe 15000-bit DH should take about
15^3 approx=3000 times as long as 1000-bit DH, and 512-bit ECDH should take
about 25 times as long as 160-bit ECC. We don't have implementations of
15000-bit DH but we do have 512-bit ECDH and our performance roughly follows the
estimates. (In fact we're in the process of adding 512-bit curves to our
"Additional ECC groups for IKE" draft so that it has complete AES support.)

Best regards. Simon

S. Blake-Wilson
Certicom Corp.





Ari Huttunen <Ari.Huttunen@F-Secure.com> on 10/05/2000 11:02:42 AM

To:   ipsec <ipsec@lists.tislabs.com>
cc:    (bcc: Simon Blake-Wilson/Certicom)
Subject:  Larger DH groups?




Are there plans/interest in specifying larger standard DH groups, now that
the AES has been chosen?

If so, what sizes would be appropriate? Tero earlier posted groups of
2000-4000 bits, the draft for AES talks about 14000. Anybody know just
how slow would 14000 bit modulus be? (I can guess it's something between
extremely slow and ridiculously slow..) What about the speed of a 500 bit EC2N?

Ari

--
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security