In the world of cryptography, advances are few and far between relative to the rest of the security and technology industries. But one of those rare forward leaps came Monday when a team comprising mathematicians and cryptographers from three universities announced that they had factored a 307-digit “special number.” The 1020-bit number is the largest of its kind factored to date, and cryptographers say the team’s work could portend bad things for systems based on 1024-bit RSA encryption.
On his blog, Bruce Schneier writes that anyone who hasn’t yet moved away from 1024-bit RSA is living dangerously. “I hope RSA applications would have moved away from 1024-bit security years ago, but for those who haven’t yet: wake up,” Schneier writes. Eric Rescorla, on his Educated Guesswork blog, counsels a bit more caution. “Given the gap between general and special numbers, we’re likely still a ways off from the point where it’s practical for an attacker to go after a single person’s RSA key, even at 1024 bits,” Rescorla writes.
For those of you factoring at home, it took the team of researchers from NTT in Japan, the University of Bonn in Germany and the Ecole Polytechnique Federale de Lausanne in Switzerland, 11 months to factor the number, which has a special representation of 21039-1. In a press release announcing the accomplishment, Arjen Lenstra, a cryptology professor at the EPFL, says that time is short for 1024-bit RSA, although factoring an RSA key, which is produced by multiplying two large prime numbers, is more difficult than factoring so-called special numbers.
“Last time, it took nine years for us to generalize from a special to a non-special hard-to factor number (155 digits). I won’t make predictions, but let’s just say it might be a good idea to stay tuned,” Lenstra said.