Re: [Sks-devel] peer request for pgp.uplinklabs.net

[Gunnar Wolf]

Andrew Gallagher dijo [Wed, Aug 31, 2016 at 10:14:01AM +0100]:
> I'm sceptical of the utility of ECC keys personally. They were first
> proposed as a way of reducing work and storage space (because the
> space of usable ECC keys is more compact than the sparsely
> distributed RSA primes). But they've taken so long to catch on that
> technology advancement has made their original justification largely
> irrelevant (the only exception to my knowledge being DNSSEC, where
> signature length restrictions are still important). And because the
> ECC keyspace is more efficiently packed, it is theoretically *more*
> susceptible to quantum attacks.

I'm far from a worthy crypto geek myself, but still — Storage space is
not the decisive issue; storing a million 4096-bit keys is only an
order of magnitude more than storing a million 256-bit keys (the same
proportion would naturally apply for a single key), and information
appended to the keys themselves (such as photo attributes and the
signatures that constitute the web of trust) make the difference quite
unnoticeable.

What is really a difference is the arithmetic operations upon which
they are based: Encryption and decryption under RSA are based on long
series of multiplications (or rather, huge exponentiation). Under ECC,
the operations are "just" series of additions. Adding is way cheaper
for a computer than multiplying, so your hardware will be able to
perform many, many more cryptographic operations with ECC than with
RSA.