Cryptography Reference
In-Depth Information
After the factorization of the next RSA challenge, RSA-160, with the
participation of the Gernab Institute for Security in Information Technology (BSI)
in Bonn, in April 2003, it was in December 2003 that a consortium of the University
of Bonn; the Max Planck Institute for Mathematics, in Bonn; the Institute for
experimental Mathematics, in Essen; and the BSI factored the 174-digit number
RSA-576 = 18819881292060796383869723946165043980716356337941738
2700763356422988859715234665485319060606504743045
3173880113033967161996923212057340318795506569962
21305168759307650257059
into two 87-digit factors:
RSA-576 = 39807508642406493739712550055038649119906436234252670
8406385189575946388957261768583317
× 47277214610743530253622307197304822463291469530209711
6459852171130520711256363590397527 .
The question of what key length is to be considered adequate for the RSA
algorithm is revised each time progress in factorization is made. A. K. Lenstra
and Eric R. Verheul [LeVe] provide some concrete advice in this regard in their
description of a model for the determination of recommended key lengths
for many types of cryptosystems. Beginning with a set of well-founded and
conservative assumptions, combined with current findings, they calculate some
prognoses as to minimum key lengths to recommend in the future and display
them in tabular form. The values shown in Table 17-1, which are valid for
asymmetric procedures like RSA, El-Gamal, and Diffie-Hellman, are taken from
their results.
Table 17-1. Recommended key lengths according to Lenstra and Verheul
Year
Key Length (in Bits)
2001
990
2005
1149
2010
1369
2015
1613
2020
1881
2025
2174
 
Search WWH ::




Custom Search