Is this crypto paper real or fake?
Georgi Guninski
guninski at guninski.com
Sun Sep 20 22:29:11 PDT 2015
On Sun, Sep 20, 2015 at 11:26:23PM +0100, Peter Fairbrother wrote:
> On 20/09/15 14:53, Georgi Guninski wrote:
> >Found this from a DJB paper:
> >
> >http://www.scs.carleton.ca/~paulv/papers/JoC97.pdf
> >
> >
> >Parallel Collision Search with Cryptanalytic Applications
> >
> >Paul C. van Oorschot and Michael J. Wiener
> >
> >CHECK THE DATE:
> >
> >1996 September 23
>
> Both authors are well-known.
>
> Google says the paper was published in the Journal of Cryptology in 1999.
>
> >days...
>
>
> The present day open ECC dlog record stands at about 114 bits, iirc:
> that method used ~2014 custom hardware, but not $10 million worth.
>
Thanks for the answer.
So the DLOG records (Wikipedia gives 113 bits [1] as of 2010)
break these in libressl/openssl:
$ ./inst/libressl-2.2.3/apps/openssl ecparam -list_curves
secp112r1 : SECG/WTLS curve over a 112 bit prime field
secp112r2 : SECG curve over a 112 bit prime field
And these are in quite a gray area?
secp128r1 : SECG curve over a 128 bit prime field
secp128r2 : SECG curve over a 128 bit prime field
And what is the computational power of the Bitcoin network
(allegedly they do 2^80 SHA hashes per week) in terms of
DSA/ECC operations?
AFAIK, for DSA this is just multiplication/squaring modulo a
prime for rho.
[1]
https://en.wikipedia.org/w/index.php?title=Discrete_logarithm_records&oldid=663284373#Elliptic_curves
> I'd guess Oorschot and Wiener got something in the numbers wrong. It
> happens.
>
>
> However the parallel collision search technique they describe is
> very real, and has been used to effect. At a guess, the ECC dlog
> record above probably used it, as will most modern collision search
> algorithms.
>
>
> As DJB quoted them, I'd guess that they invented the technique
> (though I knew of the technique, I thought Knuth described/invented
> it).
>
> It's one of those things which are obvious in hindsight; but which
> can be dev'lishly hard to come up with in the first place.
>
>
> -- Peter Fairbrother
>
>
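Added illustration, not part of the thread: a toy Python version of the van Oorschot-Wiener distinguished-point collision search the thread discusses, run on a 19-point curve (y^2 = x^3 + 2x + 2 over F_17), plus the back-of-envelope conversion the question above asks for, expected rho work sqrt(pi*n/4) against the quoted 2^80 operations per week. The curve, the 8-class r-adding walk, the trail-length cap and the use of the 2^80 hash rate as an upper bound on EC operations are my assumptions, chosen so the whole thing runs offline in a second.

```python
import math
import random
P, A, B, G, N = 17, 2, 2, (5, 1), 19  # y^2 = x^3 + 2x + 2 over F_17: 19 points, prime order (toy curve, assumed)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def parallel_rho(Q, clients=4, dist_bits=1, seed=1):
    """Solve Q = k*G: independent walks report only distinguished points to a shared table."""
    rng = random.Random(seed)
    steps = [(rng.randrange(1, N), rng.randrange(1, N)) for _ in range(8)]  # r-adding walk
    step_pts = [ec_add(ec_mul(a, G), ec_mul(b, Q)) for a, b in steps]
    table = {}  # distinguished point -> (a, b) with point == a*G + b*Q
    while True:
        for _ in range(clients):  # each pass stands in for one client's trail
            a, b = rng.randrange(1, N), rng.randrange(1, N)
            X = ec_add(ec_mul(a, G), ec_mul(b, Q))
            for _ in range(20 << dist_bits):  # abandon trails that cycle without a hit
                if X is None:
                    break
                if X[0] % (1 << dist_bits) == 0:  # distinguished: low x bits are zero
                    if X in table and table[X][1] != b:  # two trails merged: solve for k
                        a2, b2 = table[X]
                        return (a - a2) * pow(b2 - b, -1, N) % N
                    table.setdefault(X, (a, b))
                    break
                j = (7 * X[0] + X[1]) % len(steps)
                X = ec_add(X, step_pts[j])
                a, b = (a + steps[j][0]) % N, (b + steps[j][1]) % N

def weeks_to_break(bits, ops_per_week=2 ** 80):  # 2^80/week is the figure quoted in the thread
    return math.sqrt(math.pi * 2 ** bits / 4) / ops_per_week  # expected rho group ops / rate
```

At that rate a 112-bit or 128-bit curve falls in a tiny fraction of a week while a 256-bit curve needs on the order of 10^14 weeks, which is the whole argument for the weak-curve question above.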