
Re: comments on ikev2 05 (cryptography)







"Andrew Krywaniuk" <askrywan@hotmail.com> wrote:
> I seem to remember from Hilarie's earlier paper on key sizes that the size
> of the exponent is not the dominant factor that contributes to the strength
> of the DH exchange. When you increase the modulus from 1024 bits to 2048
> bits, you now have to do 2048 bit multiplies instead of 1024 bit multiplies
> and that also involves a lot more memory reads. The order of this effect is
> sub-exponential, but still very significant.
>
> Could this be why the exponent size was set to 160?

Yes.

Generally, when doing Diffie-Hellman exchanges, the exponent size can be
substantially smaller than the modulus size without losing security. There
is a substantial performance gain by doing so. The only question is what
the appropriate size exponent is to match a 1024 bit modulus. The text said
160, but Hugo suggested that 180 or 200 would be more appropriate. I'm
certainly willing to take his word for it. For a 2048 bit modulus, the
exponent size would be bigger, but nowhere near double. There's probably a
table in some cryptographer's handbook somewhere.

          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
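
The performance point in the message above, as an added example that is not part of the original post: a Diffie-Hellman exchange with a counted square-and-multiply, comparing the 160-, 180- and 200-bit exponents mentioned in the thread against a full 1024-bit exponent. The modulus is a constructed 1024-bit odd number used only for its size (an assumption, not a vetted DH group), and the function names are hypothetical.

```python
import secrets

# Constructed 1024-bit odd modulus standing in for a real DH group prime.
# Only its size matters for the cost comparison; not for real key exchange.
MODULUS = 2**1024 - 105
GENERATOR = 2


def modexp_counted(base, exponent, modulus):
    """Left-to-right square-and-multiply.

    Returns (result, number of modular multiplications performed)."""
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:
        result = result * result % modulus      # one squaring per exponent bit
        mults += 1
        if bit == "1":
            result = result * base % modulus    # one extra multiply per set bit
            mults += 1
    return result, mults


def random_exponent(bits):
    """Random private exponent of exactly `bits` bits (top bit forced to 1)."""
    return secrets.randbits(bits - 1) | (1 << (bits - 1))


def dh_exchange(exp_bits):
    """Run both sides of a DH exchange with exp_bits-bit private exponents.

    Returns (shared_secrets_match, multiplications done by one side)."""
    a, b = random_exponent(exp_bits), random_exponent(exp_bits)
    pub_a, cost_public = modexp_counted(GENERATOR, a, MODULUS)
    pub_b, _ = modexp_counted(GENERATOR, b, MODULUS)
    shared_a, cost_shared = modexp_counted(pub_b, a, MODULUS)
    shared_b, _ = modexp_counted(pub_a, b, MODULUS)
    return shared_a == shared_b, cost_public + cost_shared


def compare(sizes=(160, 180, 200, 1024)):
    """Map exponent size in bits -> multiplications per side for one exchange."""
    costs = {}
    for bits in sizes:
        ok, cost = dh_exchange(bits)
        assert ok, "both sides must derive the same shared secret"
        costs[bits] = cost
    return costs


if __name__ == "__main__":
    for bits, cost in compare().items():
        print(f"{bits:5d}-bit exponent: {cost} modular multiplications per side")
```

Every multiplication counted here is a 1024-bit modular multiply, so the count scales with the exponent length while the cost of each multiply is set by the modulus size.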