The "bad press" RSA gets is likely due to the fact that in however many years of existence there have been a number of attacks on implementations - for example, side channel attacks, Bleichenbacher's attack on RSA PKCS#1_5 padding etc. Consequently, larger numbers are needed for security in these cases (along with strong primes). In Elliptic Curve groups we use, such a trivial mapping does not exist, although there are some special cases where you can achieve this ( ). In multiplicative group crypto there is a trivial, obvious mapping to the ring of integers (in less mathematical terms, "factorization makes sense"), so you can use techniques like Pohlig-Hellman (.
The bit size of the RSA modulus and the bit size of ECC keys aren't really comparable, as what matters is the number of operations required to break the primitive.Ī better comparison exists between multiplicative group crypto (DH/DSA) and their Elliptic Curve variants.
0 kommentar(er)
