### On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography

Joppe W. Bos, Marcelo E. Kaihara, Thorsten Kleinjung, Arjen K. Lenstra, and Peter L. Montgomery

##### Abstract

Meeting the requirements of NIST’s new cryptographic standards means phasing out usage of 1024-bit RSA and 160-bit elliptic curve cryptography (ECC) by the end of the year 2010. This write-up comments on the vulnerability of these systems to an open community attack effort and aims to assess the risk of their continued usage beyond 2010. We conclude that for 1024-bit RSA the risk is small at least until the year 2014, and that 160-bit ECC over a prime field may safely be used for much longer – with the current state of the art in cryptanalysis we would be surprised if a public effort can make a dent in 160-bit prime field ECC by the year 2020. Our assessment is based on the latest practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts.

Note: Version 2.1

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
NIST Special Publication 800-57Suite B Cryptography80-bit securityRSAinteger factorizationNFSECCElliptic curve discrete logarithmPollard rho
Contact author(s)
joppe bos @ epfl ch
History
2009-09-01: revised
See all versions
Short URL
https://ia.cr/2009/389

CC BY

BibTeX

@misc{cryptoeprint:2009/389,
author = {Joppe W.  Bos and Marcelo E.  Kaihara and Thorsten Kleinjung and Arjen K.  Lenstra and Peter L.  Montgomery},
title = {On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography},
howpublished = {Cryptology ePrint Archive, Paper 2009/389},
year = {2009},
note = {\url{https://eprint.iacr.org/2009/389}},
url = {https://eprint.iacr.org/2009/389}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.