Special-Purpose Hardware in Cryptanalysis: The Case of 1,024-Bit RSA

For efficiency, we should implement cryptographic subsystems with short keys, but reliably estimating minimal key lengths is a rather involved and complicated process - especially for systems with long life cycles and limited update capabilities. In symmetric cryptography, experts consider 56-bit IDES (Data Encryption Standard) keys to be inadequate for most applications: new devices can efficiently derive a DES key from known plaintext-ciphertext pairs. Discussion in asymmetric cryptography circles currently focuses on 1,024-bit RSA key security. Interestingly, in this discussion, a major argument put forward for the insecurity of 1,024-bit RSA isn´t due to paramount theoretical progress but to hypothetical hardware devices for factoring large numbers. Unlike quantum computers, these special-purpose designs try to work within the bounds of existing technology; in this article, we look at the ideas underlying some of these designs and their potential