[ksk-change] On the topic of 1024-bit ZSKs
Michael StJohns
msj at nthpermutation.com
Mon Oct 20 20:32:53 UTC 2014
On 10/20/2014 3:50 PM, David Conrad wrote:
> Unrelated to KSK change, but as we discussed it in the workshop...
>
> https://kivo.com/p/h985rFcI, slides 37-39
>
> Dr. Bernstein notes (page 38): "Analyses in 2003 concluded that RSA-1024 was breakable; e.g., 2003 Shamir-Tromer estimated 1 year, ≈ USD $10^7"
The paper he references is here
http://www.tau.ac.il/~tromer/papers/cbtwirl.pdf
Hmm... one of the interesting things here is that the author estimates
surface area of the equivalent silicon ASICs necessary for a given rate
of breaking. Given changes in processes (e.g. substantially more
density for about the same prices per wafer) since 2003, I'm wondering
if you can't get a 10 fold improvement for the same price? E.g. call
it 36 days to break a 1024bit key using 2014 ASIC technology and a $1m
investment? http://en.wikipedia.org/wiki/32_nanometer has an
interesting table. 2003 would have had 130 nm technology - 2014 is
running about 14nm.
>
> I'm a bit disappointed at the lack of caveats in Dr. Bernstein's slides.
>
> Regards,
> -drc
>
> P.S. Also perhaps of note (although not directly related to key change), the last bit of slide 47 and slides 50-53.
>
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20141020/ccb052f5/attachment.html>
More information about the ksk-rollover
mailing list