On Sat, Dec 14, 2013 at 2:55 AM, Tom Ritter <tom@ritter.vg> wrote:
I can answer for Cryptopocalypse. :) I had a follow-up blog post after Black Hat, but the crux is looking for the next crypto black swan. Joux's work in optimizing the function field sieve for fields of a small characteristic has been a significant improvement kind of out of left field. If he or anyone else made improvements to the FFS for fields of a large characteristic or the GNFS - we would be in a bad way. The security margin on the ECDLP is greater than DL or factoring and while we've got the algorithms, the implementations are sometimes missing and the ability to pivot, in software update mechanisms, in CAs, everywhere - is completely missing. ECC has other attributes that make it attractive too, so let's get the plumbing ready, so we can support a quick pivot away from RSA and over to ECC if we have to...
thanks! for posterity, the post is at: http://ritter.vg/blog-cryptopocalypse_followup.html