Comparison of RSA vs elliptical keys
Sylvain Besençon
sylvain.besencon at unifr.ch
Tue May 12 17:04:10 CEST 2020
Le 12.05.20 à 11:24, Johan Wevers a écrit :
> On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote:
>
>> For example, a 256 bit elliptic curve key has a similar strength to a symmetric key of 128 bits.
>
> Until, of course, a working quantum computer with more than a few qubits
> is constructed. Then ECC is much more vulnerable than RSA or ElGamal due
> to its smaler keysize (of course once a 256 bit quantum computer gets
> constructed I would also worry about 8192 bit RSA being vulnerable too
> in the very near future).
>
Hi,
In the FAQ, it is written:
> Will GnuPG ever support RSA-3072 or RSA-4096 by default?
> Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA-16384. Every minute we spend arguing about whether we should change the defaults to RSA-3072 or more is one minute the shift to ECC is delayed. Frankly, we think ECC is a really good idea and we’d like to see it deployed as soon as humanly possible.
(https://www.gnupg.org/faq/gnupg-faq.html#default_rsa2048)
So, I guess the key size is not the only criteria to evaluate the
strength of a cipher and ECC still provides better results despite
shorter keys.
However, I would be interested to know which ECC cipher would you
recommend to replace RSA. I am not a cryptographer and I don't find any
information (or more honestly: information that I can understand) about
Curve 25519, NIST P-256 (and greater), Brainpool, or secp256k1.
Thanks for the feedback,
Best,
Sylvain
More information about the Gnupg-users
mailing list