From: Eddie on
Hi guys,

It is known that at a security level of 80-bit, the signature size for
ECDSA is around 320-bit.
In this case, the public key size is around 160-bit and the private
key size is around 160-bit.

Is it correct?

Thanks

From: Tom St Denis on
On Apr 28, 5:04 am, Eddie <csci...(a)gmail.com> wrote:
> Hi guys,
>
> It is known that at a security level of 80-bit, the signature size for
> ECDSA is around 320-bit.
> In this case, the public key size is around 160-bit and the private
> key size is around 160-bit.
>
> Is it correct?

Actually, the public key is at least 161 bits but typically is 320
(it's a point on the curve).

Technically it CAN be 160 if you only generate keys for which the
public point has a y such that the solution to the square root is the
even choice (thus you don't have to encode it). As I understand it
this totally sidesteps patents on point compression AND is in fact the
more ideal encoding :-)

But as far as standards go, X9.62 uncompressed points are 2*size+1 in
length. The compressed points are 1+size in length. So a 160-bit
curve would have a 41-byte uncompressed public key.

The private key would be 160 in this case.

Tom
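
The three encodings discussed in the reply above, as an added example that is not part of the original thread: X9.62-style uncompressed (2*size+1 bytes), compressed (1+size bytes), and the bare x coordinate for keys restricted to even y. Assumptions: the field prime is 2^160 - 2^31 - 1, the coefficients `A`, `B` and the sample point are constructed for the size demonstration and are not a standardized curve, and all function names are hypothetical.

```python
import hashlib

P = 2**160 - 2**31 - 1             # 160-bit field prime, P % 4 == 3
A, B = -3, 7                       # constructed coefficients, NOT a standard curve
SIZE = (P.bit_length() + 7) // 8   # 20 bytes per coordinate

def rhs(x):
    return (x**3 + A * x + B) % P

def sqrt_mod_p(v):
    """Square root mod P (valid because P % 4 == 3); None for a non-residue."""
    r = pow(v, (P + 1) // 4, P)
    return r if r * r % P == v % P else None

def sample_point():
    """Constructed sample point: hash to an x, then step until x is on the curve."""
    x = int.from_bytes(hashlib.sha1(b"constructed sample").digest(), "big") % P
    while sqrt_mod_p(rhs(x)) is None:
        x = (x + 1) % P
    return x, sqrt_mod_p(rhs(x))

def encode(point, compressed=False):
    x, y = point
    if compressed:                 # tag 0x02 = even y, 0x03 = odd y
        return bytes([2 + (y & 1)]) + x.to_bytes(SIZE, "big")
    return b"\x04" + x.to_bytes(SIZE, "big") + y.to_bytes(SIZE, "big")

def decode(data):
    tag, body = data[0], data[1:]
    if tag == 4 and len(body) == 2 * SIZE:
        x = int.from_bytes(body[:SIZE], "big")
        y = int.from_bytes(body[SIZE:], "big")
        if x >= P or y >= P or y * y % P != rhs(x):
            raise ValueError("point is not on the curve")
        return x, y
    if tag in (2, 3) and len(body) == SIZE:
        x = int.from_bytes(body, "big")
        y = sqrt_mod_p(rhs(x)) if x < P else None
        if y is None or (y == 0 and tag == 3):
            raise ValueError("x does not decode to a curve point")
        # P is odd, so P - y is the root with the opposite parity
        return (x, y) if (y & 1) == (tag & 1) else (x, P - y)
    raise ValueError("bad tag or length")

def encode_even_only(point):
    """Bare 20-byte x for keys generated so that y is always even."""
    x, y = point
    if y & 1:
        raise ValueError("odd y: this key would have to be regenerated")
    return x.to_bytes(SIZE, "big")
```

The decoder rejects any uncompressed point that does not satisfy the curve equation, which is the check a receiver needs before using a public key taken from the wire.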