How large should RSA public keys be chosen?

Aug 29, 1997

Abstract

This lecture describes the computational requirements of the best integer factoring algorithms known, but not any details of how they work. It recounts the history of the speed of factoring algorithms and the computational power of computers over the past 25 years, and tries to predict how large numbers we will be able to factor in the future and thus how large RSA keys should be chosen now if the secrets they protect must not be revealed for a certain number of years. We consider covert attacks in which the attacker does not wish to be detected as well as overt attacks in which many people cooperate publicly to factor a number.