Second-generation public-key cryptography

This review of a book on elliptic curves summarizes what has happened with public-key cryptography. In a nutshell, methods like RSA were the first generation, and elliptic curve methods are the second generation.

Second-generation methods provide more security per bit. For example, an RSA key with 3072 bits is no more secure than an elliptic curve key with 256 bits.

Posted in Computing
5 comments on “Second-generation public-key cryptography
  1. Michael P says:

    Sadly, the proliferation of patents on computer-implemented mathematics means it will probably be 10 years or more before we see ECC widely adopted. (If pressed, I would give a 90% confidence range of 5 to 15 years of patent encumbrances outweighing the benefits.)

  2. huh says:

    Well, I wouldn’t say that the claim is quite accurate: there is no reduction from breaking 256-bit ECC to breaking 3072-bit RSA; this is just an estimate based on our current best approaches for breaking both.

  3. SteveBrooklineMA says:

    I wonder if RSA is like JPEG in that it’s here to stay even though there might be something theoretically better out there. Are industries going to switch without a pressing need? Claims about “power savings” seem a bit far fetched to me, though I’m no expert. Aren’t RSA etc used just to set up the communication, after which a faster non-public key crypto technique is used?

  4. g says:

    It’s not clear that key length is really the right metric here. How often does it matter whether your key is 256 bits or 3072 bits? Aren’t 256-bit ECC and 3072-bit RSA quite similar in CPU time cost?

  5. g says:

    Sorry, that was a bit too compressed. For the avoidance of doubt, I’m not saying that CPU time is the only thing that matters. Though it might turn out that it is, if — as seems likely — the network bandwidth cost of asymmetric cvrypto keys is negligible.