Cryptology ePrint Archive: Report 2009/389

On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography

Joppe W. Bos and Marcelo E. Kaihara and Thorsten Kleinjung and Arjen K. Lenstra and Peter L. Montgomery

Abstract: Meeting the requirements of NIST’s new cryptographic standards means phasing out usage of 1024-bit RSA and 160-bit elliptic curve cryptography (ECC) by the end of the year 2010. This write-up comments on the vulnerability of these systems to an open community attack effort and aims to assess the risk of their continued usage beyond 2010. We conclude that for 1024-bit RSA the risk is small at least until the year 2014, and that 160-bit ECC over a prime field may safely be used for much longer – with the current state of the art in cryptanalysis we would be surprised if a public effort can make a dent in 160-bit prime field ECC by the year 2020. Our assessment is based on the latest practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts.

Category / Keywords: public-key cryptography / NIST Special Publication 800-57, Suite B Cryptography, 80-bit security, RSA, integer factorization, NFS, ECC, Elliptic curve discrete logarithm, Pollard rho

Date: received 10 Aug 2009, last revised 1 Sep 2009

Contact author: joppe bos at epfl ch

Note: Version 2.1

Version: 20090901:153928
