Comments on: Elliptic Curve Cryptography in OpenSSH

By: Zooko O'Whielacronx

Zooko O'Whielacronx — Fri, 08 Apr 2011 18:15:20 +0000

“Generally speaking, the equivalent DSA keys would require 4-times the bit strength of ECDSA keys. In other words, a 256-bit ECDSA key is equivalent in strength to a 1024-bit DSA key.”

That’s not the consensus. Check out this cool site that lets you explore recommendations: http://keylength.com .

Here is what it says if you ask it what is equivalent to 256-bit ECC keys:

http://tahoe-lafs.org/~zooko/Keylength%20-%20Compare%20all%20Methods.html

Only the German standards body, BSI, thinks that a 256-bit ECC key is equivalently strong to a 2048 DSA key. The other researchers range from 3072 up to 4440 bit DSA keys as being as strong as 256-bit ECDSA keys!

By: gepgep

gepgep — Sat, 19 Feb 2011 18:11:55 +0000

asdfasdfa

By: Links 19/2/2011: Red Hat Enterprise Linux 4.9, ODF Plugfest UK Imminent | Techrights

Sat, 19 Feb 2011 17:12:36 +0000

[...] Elliptic Curve Cryptography in OpenSSH [...]

By: Tweets that mention Aaron Toponce : Elliptic Curve Cryptography in OpenSSH -- Topsy.com

Fri, 18 Feb 2011 11:40:57 +0000

[...] This post was mentioned on Twitter by toorghezi and Stéphane Bortzmeyer, Jean Baptiste FAVRE. Jean Baptiste FAVRE said: Elliptic Curve #Cryptography in #OpenSSH http://pthree.org/2011/02/17/elliptic-curve-cryptography-in-openssh/ [...]

By: Aaron

Aaron — Fri, 18 Feb 2011 10:26:13 +0000

Here’s a paper describing ECC on constrained devices, such as 8-bit CPUs. It’s lengthy, but shows why ECC is such a great fit for smaller devices:

http://www.crypto.rub.de/imperia/md/content/texte/theses/kumar_diss.pdf

It mentions in detail the Elliptic Curve Diffie-Hellman (ECDH) protocol (which OpenSSH 5.7 and later supports as well) which is possible on these devices without a cryptographic processor.

Anyway, FYI.

By: Aaron

Aaron — Fri, 18 Feb 2011 10:15:56 +0000

Nope, it’s not a typo. I do in fact mean 521 bits. Here’s the RFC: http://www.faqs.org/rfc/rfc4754.txt

When I’m talking about the algorithm, I’m referring to the encryption/decryption algorithm. ECC doesn’t depend on S-boxes, so it can achieve higher cycles per byte than most other algorithms.

Also, because it’s based on the algebraic properties of elliptic curves, rather than factoring large primes, the math is an order of magnitude lighter to compute, thus it’s great for embedded systems, lower-end CPUs, etc. Even the LOC to implement ECC in any specific language is less than traditional AES, 3DES, RSA, DSA and other algorithms.

By: mindcorrosive

mindcorrosive — Fri, 18 Feb 2011 09:54:11 +0000

> The bit strengths are 256, 384 and 521.

Perhaps you mean 512? 521 is an.. odd number.

When you say “the algorithm is faster and lighter”, do you mean the key generation only, or the encrypt/decrypt cycle?