On Sat, Dec 14, 2013 at 2:55 AM, Tom Ritter <t...@ritter.vg> wrote: > I can answer for Cryptopocalype. :) I had a follow-up blog post after Black > Hat, but the crux is looking for the next crypto black swan. Joux's work in > optimizing the function field sieve for fields of a small characteristic > has been a significance improvement kind of out of left field. If he or > anyone else made improvements to the FFS for fields of a large > characteristic or the GNFS - we would be in a bad way. The security margin > on the ECDLP is greater than DL or factoring and while we've got the > algorithms, the implementations are sometimes missing and the ability to > pivot, in software update mechanisms, in CAs, everywhere - is completely > missing. ECC has other attributes that make it attractive too, so let's get > the plumbing ready, so we can support a quick pivot away from RSA and over > to ECC if we have to...
thanks! for posterity, the post is at: http://ritter.vg/blog-cryptopocalypse_followup.html