| ▲ | mkj 2 days ago | ||||||||||||||||
What does ed448 mitigate against vs ed25519? | |||||||||||||||||
| ▲ | daneel_w 2 days ago | parent [-] | ||||||||||||||||
The simplified answer is, larger keys that demand a far larger effort to break, in a way similar to RSA-4096 vs RSA-2048. The predicted timelines for quantum computer advances (and the requirements for practical applications) have shrunk dramatically in the past 15 years. What used to be a no-later-than-2035 recommendation for getting off e.g. RSA-2048 in good time, is today no-later-than-2030. The admission of 256-bit curves for ECDSA/ECDH has been supplanted by 384-bit curves already years ago. In the absolutely ground shaking event that a future application of quantum computation somehow manages to cut Ed448's equivalent security of ~224 bits in half, exploring even a small portion of a 112-bit space will still cost more electrical energy than we can possibly provide. | |||||||||||||||||
| |||||||||||||||||