diff options
author | lloyd <[email protected]> | 2012-04-25 13:48:08 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-25 13:48:08 +0000 |
commit | b72a44475d06263e1492f8913310b5f29515cba6 (patch) | |
tree | 680752dbd43999cea16851b9c196046d9e5fbd7f /src/pubkey | |
parent | edca5f211722ea6b9d99b8b5fce4603a1b9b422d (diff) | |
parent | f14a9fdee7902ba1a4c962cfbabe29d5146e7c55 (diff) |
propagate from branch 'net.randombit.botan.tls-state-machine' (head a4741cd07f50a9e1b29b0dd97c6fb8697c038ade)
to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
Diffstat (limited to 'src/pubkey')
-rw-r--r-- | src/pubkey/workfactor.cpp | 55 | ||||
-rw-r--r-- | src/pubkey/workfactor.h | 2 |
2 files changed, 29 insertions, 28 deletions
diff --git a/src/pubkey/workfactor.cpp b/src/pubkey/workfactor.cpp index f3d5d164a..72ba75cf9 100644 --- a/src/pubkey/workfactor.cpp +++ b/src/pubkey/workfactor.cpp @@ -1,6 +1,6 @@ /* * Public Key Work Factor Functions -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -11,39 +11,40 @@ namespace Botan { -/* -* Choose the exponent size for a DL group -*/ size_t dl_work_factor(size_t bits) { -#if 0 /* - These values were taken from RFC 3526 + Based on GNFS work factors. Constant is 1.43 times the asymptotic + value; I'm not sure but I believe that came from a paper on 'real + world' runtimes, but I don't remember where now. + + Sample return values: + |512| -> 64 + |1024| -> 86 + |1536| -> 102 + |2048| -> 116 + |3072| -> 138 + |4096| -> 155 + |8192| -> 206 + + For DL algos, we use an exponent of twice the size of the result; + the assumption is that an arbitrary discrete log on a group of size + bits would take about 2^n effort, and thus using an exponent of + size 2^(2*n) implies that all available attacks are about as easy + (as e.g Pollard's kangaroo algorithm can compute the DL in sqrt(x) + operations) while minimizing the exponent size for performance + reasons. */ - if(bits <= 1536) - return 90; - else if(bits <= 2048) - return 110; - else if(bits <= 3072) - return 130; - else if(bits <= 4096) - return 150; - else if(bits <= 6144) - return 170; - else if(bits <= 8192) - return 190; - return 256; -#else - const double MIN_ESTIMATE = 64; - - const double log_x = bits / 1.44; + + const size_t MIN_WORKFACTOR = 64; + + // approximates natural logarithm of p + const double log_p = bits / 1.4426; const double strength = - 2.76 * std::pow(log_x, 1.0/3.0) * std::pow(std::log(log_x), 2.0/3.0); + 2.76 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0); - return static_cast<size_t>(std::max(strength, MIN_ESTIMATE)); -#endif + return std::max(static_cast<size_t>(strength), MIN_WORKFACTOR); } - } diff --git a/src/pubkey/workfactor.h b/src/pubkey/workfactor.h index bd1a43298..179b580e7 100644 --- a/src/pubkey/workfactor.h +++ b/src/pubkey/workfactor.h @@ -13,7 +13,7 @@ namespace Botan { /** -* Estimate work factor +* Estimate work factor for discrete logarithm * @param prime_group_size size of the group in bits * @return estimated security level for this group */ |