This preview shows page 1. Sign up to view the full content.
Unformatted text preview: years from now, we may be able to factor anything. I think that is unlikely, though. Not everyone will agree with my recommendations. The NSA has mandated 512bit to 1024bit keys for their Digital Signature Standard (see Section 20.1)—far less than I recommend for longterm security. Pretty Good Privacy (see Section 24.12) has a maximum RSA key length of 2047 bits. Arjen Lenstra, the world’s most successful factorer, refuses to make predictions past 10 years [949]. Table 7.8 gives Ron Rivest’s keylength recommendations, originally made in 1990, which I consider much too optimistic [1323]. While his analysis looks fine on paper, recent history illustrates that surprises regularly happen. It makes sense to choose your keys to be resilient against future surprises. Table 7.7 Longrange Factoring Predictions Year Key Length (in bits) 1995 2005 2015 2025 2035 2045 1024 2048 4096 8192 16,384 32,768 Low estimates assume a budget of $25,000, the quadratic sieve algorithm, and a technology advance of 20 percent per year. Average estimates assume a budget of $25 million, the general number field sieve algorithm, and a technology advance of 33 percent per year. High estimates assume a budget of $25 billion, a general quadratic sieve algorithm running at the speed of the special number field sieve, and a technology advance of 45 percent per year. There is always the possibility that an advance in factoring will surprise me as well, but I factored that into my calculations. But why trust me? I just proved my own foolishness by making predictions. DNA Computing
Now it gets weird. In 1994 Leonard M. Adleman actually demonstrated a method for solving an NPcomplete problem (see Section 11.2) in a biochemistry laboratory, using DNA molecules to represent guesses at solutions to the problem [17]. (That’s “solutions” meaning “answers,” not meaning “liquids containing solutes.” Terminology in this field is going to be awkward.) The problem that Adleman solved was an instance of the Directed Hamiltonian Path problem: Given a map of cities connected...
View Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details