Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The article doesn't mention this, but if you look at the paper[1] it turns out they aren't using ElGamal with elliptic curve fields -- instead they're using prime fields. In that case, you'd want similar key sizes to RSA. (The "less than 256 bit" part is a red herring, the problem is that they are using key sizes that would only be safe if they were using elliptic curves.)

[1]: https://arxiv.org/pdf/1908.05127.pdf



Wow, they are using conventional discrete log cryptography with 256-bit key? What the actual fxxk?! It's literally the equivalent of using 256-bit Diffie-Hellman, or RSA-256, DSA-256, dammit, even NSA's bad DH_EXPORT ciphers use 512-bit. Totally unbelievable.


Wow. Even I know this. It's mentioned in every entry level text on EC cryptography.


Haha same. You know it's bad when someone with only an introductory course in cryptography understands what the problem is




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: