There's no doubt that I don't know enough to judge this one, but if it's true... Holy shit. The math works. Bernstein has found ways of using additional hardware to eliminate redundancies and inefficiencies which appear in any linear implementation of the Number Field Sieve. We just never noticed that they were inefficiencies and redundancies because we kept thinking in terms of linear implementations. This is probably the biggest news in crypto in the last decade. I'm astonished that it hasn't been louder.
Note that there have been rumors of an RSA cracker built by a three-letter agency in custom silicon before this, but until analyzing Bernstein's paper I had always dismissed them as ridiculous paranoid fantasies. Now it looks like such a device is entirely feasible and, in fact, likely. Here are the top-ranked replies in the Slashdot thread. (I don't pay too close attention, but I'm pretty sure this is an unusually high ratio of +5 posts - 21 out of 423.)
- jim 2-27-2002 1:21 am
Doesn't look like this is a big deal. At least according to Bruce Schneier: "The improvements described in Bernstein's paper are unlikely to produce the claimed speed improvements for practically useful numbers."
- jim 3-15-2002 10:21 pm