Cryptography Reference
In-Depth Information
Table 5.2:
ECRYPT II key length equivalence recommendations (2010) [66]
RSA modulus
ElGamal group size
Elliptic curve
Symmetric equivalent
816
816
128
64
1008
1008
144
72
1248
1248
160
80
1776
1776
192
96
2432
2432
224
112
3248
3248
256
128
15424
15424
512
256
employing elliptic-curve-based ElGamal variants at the same perceived security
level requires keys of only 192 bits, which is significantly shorter.
Currently 1024 bits is regarded as an acceptable general key length for RSA,
with 2048 bits recommended for those who want an extra safety margin. For
elliptic-curve-based ElGamal variants, 160 bits is acceptable and 224 bits provides
a safety margin. However, these recommendations are subject to change over
time. We will discuss key lengths again, from a key management perspective, in
Section 10.2.
5.4.4
The future for public-key cryptosystems
As we have seen, the security of a (good) symmetric cryptosystem primarily relies
on the difficulty of conducting an exhaustive key search. On the other hand,
the security of a public-key cryptosystem is based on the difficulty of solving some
underlying hard computational problem. As we discussed in Section 5.2.3, the
security of RSA is believed to be based on the difficulty of factoring while, as we
discussed in Section 5.3.3, the security of ElGamal is believed to be based on the
difficulty of solving the discrete logarithm problem. As suggested by Table 5.2,
both of these problems are regarded as hard, and neither one is regarded as easier
than the other.
There are considerable advantages to be gained from ensuring that we retain
efficient public-key cryptosystems that are based on different hard problems. If,
one day, someone develops an efficient method for factoring large numbers then
the discrete logarithm problem might, at least in theory, still be secure. That said,
there are some experts who hold the opinion that if a breakthrough occurs that
results in one of these problems no longer being regarded as hard, then there may
be similar implications for the other one. Only time will tell.
