[496] in cryptography@c2.net mail archive
State of discrete log attacks?
daemon@ATHENA.MIT.EDU (Phil Karn)
Fri Apr 4 14:09:43 1997
Date: Fri, 4 Apr 1997 10:21:42 -0800 (PST)
From: Phil Karn <karn@qualcomm.com>
To: cryptography@c2.net
I have been reading up on CDPD. That's Cellular Digital Packet Data,
the primary competition for the project I've been doing at Qualcomm to
put TCP/IP packet data over CDMA digital cellular.
In the book "Internetwork Mobility: The CDPD Approach" by Taylor et al,
they say that CDPD uses Diffie-Hellman key exchange with a 256-bit
modulus. This seems awfully short. As I recall, the difficulty of the
discrete log problem for a modulus of a given length is roughly comparable
to the difficulty of factoring an RSA modulus of approximately the same
length (perhaps a few bits longer).
Can anyone who knows the current state of discrete log research give me
an estimate of the CPU time required to break a DH exchange that uses
a 256-bit modulus?
Phil
