|
|
Re: Is factorization of big primeproducts a solved problem YET?
Posted:
Jan 10, 2013 11:28 AM
|
|
Pubkeybreaker <pubkeybreaker@aol.com> writes:
> On Jan 8, 8:46 am, mstem...@walkabout.empros.com (Michael Stemper)
> wrote:
> > In article <kc6gg1$au...@dont-email.me>, David Bernier <david...@videotron.ca> writes:
> > >On 01/04/2013 12:01 AM, JT wrote:
> > >> Does the RSA challenges have a given time complexity of factoring the
> > >> primeproduct, or did they have one that changed during resent years?
> >
> > >The RSA challenge numbers are still available somewhere.
> > >The contests for prize money has been discontinued.
> >
> > >I think many remain unfactored, as far as the general
> > >public knows, i.e. outside cryptologic agencies and
> > >government cipher schools.
> >
> > >They would deliberately choose n = p*q, p, q odd primes
> > >with the digit length of p and q being about half that
> > >of the composite number `n'.
> >
>
> Not 'about half'. Exactly half.
What are you trying to defend against? If you think that your threat
is an ECM-like factor-finding attack, then yes, the smaller one wants
to be large, so you want the two factors to be very similar in size.
However, if you know your threat is a composite-splitting attack, like
GNFS, then the size of the factors is less important, they don't
*need* to be *exactly* the same length.
Were someone to ask you for a bit-op estimate for cracking a p98*p102
and a p100*p100, you'd give the same estimate, wouldn't you?
Of course, in practice, there's no reason not to not chose numbers
of exactly the same length, but that's different from that condition
being an absolute necessity.
Phil
--
I'm not saying that google groups censors my posts, but there's a strong link
between me saying "google groups sucks" in articles, and them disappearing.
Oh - I guess I might be saying that google groups censors my posts.
|
|
