Cryptography Asked by Melab on March 2, 2021
I don’t think it makes much sense to use RSA keys to authenticate the establishment of symmetric keys with strengths less than their own. From what I know, a 16384-bit RSA key’s strength is roughly equal to a 256-bit symmetric key’s strength. But how long would the operations take for encryption and decryption/signing?
RSA private key operations with $b$-bit keys scale as $Theta(b^3)$ while public key operations scale as $Theta(b^2)$. The reason public key operations are faster is that you can use a small constant $e$, e.g. $65537$, while $d$ will be as large as the modulus. So private key operations with a 16384-bit key will take about 512 times as long as for a 2048-bit key, and public key operations will take about 64 times as long.
That's pretty painful and you probably don't want to do it. Consider whether you really need a 256-bit security level; the only reason we use symmetric keys that size is for insurance against partial breaks and because that insurance comes pretty cheaply. With asymmetric crypto it's not so cheap any more. If for whatever reason you decide you really do need that kind of security, consider instead using a large elliptic curve such as Ed448-Goldilocks.
Answered by Daniel Franke on March 2, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP