It also bugged me that different classes of attacks were grouped together to build a "case" against RSA.
Looking at the slides again:
"There is a small but real chance that both RSA and non-ECC DH will soon become unusable"
"key sizes may have to up to 16kbit" - "wildly impractical" (WHY???)
L(1/4) isn't quite enough to make RSA unusable with large enough keys. I ran the numbers for 64k but you don't need to go as large.
It's not clear that this sort of linear progression presented is real. Some math problems don't see any progress in a long time and some see big progress rapidly. Seems to me like it's trying to find a pattern where there isn't one necessarily.
To conclude. RSA may fall tomorrow. ECC may fall tomorrow. AES may fall tomorrow. I agree with the principle we need to have some agility built in to cryptosystems (though if it falls we're kind of screwed). Maybe we need to combine cryptosystems such that one breaking won't take us down. Added complexity and changes create attack opportunities (at least current implementations are battle hardened).
Looking at the slides again:
"There is a small but real chance that both RSA and non-ECC DH will soon become unusable"
"key sizes may have to up to 16kbit" - "wildly impractical" (WHY???)
L(1/4) isn't quite enough to make RSA unusable with large enough keys. I ran the numbers for 64k but you don't need to go as large.
It's not clear that this sort of linear progression presented is real. Some math problems don't see any progress in a long time and some see big progress rapidly. Seems to me like it's trying to find a pattern where there isn't one necessarily.
To conclude. RSA may fall tomorrow. ECC may fall tomorrow. AES may fall tomorrow. I agree with the principle we need to have some agility built in to cryptosystems (though if it falls we're kind of screwed). Maybe we need to combine cryptosystems such that one breaking won't take us down. Added complexity and changes create attack opportunities (at least current implementations are battle hardened).