### Table 3: Comparison of RSA variants. Experimental speedup factors for 1024-bit keys.

2002

"... In PAGE 8: ...ong. Consequently, for security reasons k should not be less than 160. 5 Conclusions We surveyed four variants of RSA designed to speed up RSA decryption and be backwards- compatible with standard RSA. Table3 gives the decryption speedup factors for each of these variants using a 1024-bit RSA modulus. Batch RSA is fully backwards-compatible, but requires the decrypter to obtain and manage multiple public keys and certificates.... ..."

Cited by 11

### Table 3: Comparison of RSA variants. Experimental speedup factors for 1024-bit keys.

2002

"... In PAGE 8: ...60 bits long. Consequently, for security reasons k should not be less than 160. 5 Conclusions We surveyed four variants of RSA designed to speed up RSA decryption and be backwards- compatible with standard RSA. Table3 gives the decryption speedup factors for each of these variants using a 1024-bit RSA modulus. Batch RSA is fully backwards-compatible, but requires the decrypter to obtain and manage multiple public keys and certi cates.... ..."

Cited by 11

### Table 1. RSA Key Use Lifetime Recommendations

2005

"... In PAGE 4: ... Recent guidance [TWIRL, RSA-TR] on key sizes make estimates as to the amount of effort an attacker would need to expend in order to reconstruct an RSA private key. Table1 summarizes the maximum length of time that selected modulus sizes should be used. Note that these recommendations are based on factors such as the cost of processing and memory, as well as cryptographic analysis methods, which were current at the time these documents were published.... ..."

### Table 3: Comparison of RSA variants

"... In PAGE 9: ...60 bits long. This explains our choice of parameter sizes for r1 and r2. 5 Conclusions We surveyed four variants of RSA designed to speed up RSA decryption and be backwards- compatible with standard RSA. Table3 gives the speedup factors for each of these variants using a 1024-bit RSA modulus. Batch RSA is fully backwards-compatible, but requires the decrypter to obtain and manage multiple public keys and certificates.... ..."

### Table 2. Average ECC and RSA execution times on the ATmega128 and the CC1010.

2004

"... In PAGE 10: ... For the RSA public-key operations we used a small exponent of e =216 +1. Table2 summarizes performance, memory usage, and code size of the ECC and RSA implementations. For both the CC1010 and the ATmega128, ECC- 160 point multiplication outperforms the RSA-1024 private-key operation by an order of magnitude and is within a factor of 2 of the RSA-1024 public-key operation.... ..."

Cited by 57

### Table 3: Average time needed to generate RSA keys in seconds RSA key size Time to prepare RSA

"... In PAGE 7: ... The process for generating RSA private key and checking the primality of the public key is placed next. Table3 shows average timing results for generating RSA keys for variable key sizes. The average time is done using ten tests for each key size.... In PAGE 7: ... The average time is done using ten tests for each key size. From Table3 , it is obvious that using 64-bit long RSA keys is very fast. In the sense of security, a 64-bit key is secure enough to transfer public DH keys.... ..."

### Table 1: Computationally equivalent key sizes. Symmetric ECC RSA/DH/DSA

2002

"... In PAGE 1: ... The security of a system is only as good as that of its weakest component; for this reason, the work factor needed to break a symmetric key must match that needed to break the public-key cryptosystem used for key establish- ment. Due to expected advances in cryptanalysis and in- creases in computing power available to an adversary, both symmetric and public-key sizes must grow over time to of- fer acceptable security for a xed protection life span, and Table1 [3] shows this expected key-size growth for various symmetric and public-key cryptosystems. Table 1: Computationally equivalent key sizes.... In PAGE 1: ...As shown in Table1 , the Elliptic Curve Cryptosystem (ECC), o ers the highest strength per bit of any known public-key cryptosystem today. ECC not only uses smaller keys for equivalent strength compared to traditional public- key cryptosystems like RSA, the key size disparity grows as security needs increase.... In PAGE 5: ... Already, there is signi cant momentum behind widespread adoption of the Advanced Encryption Standard (AES) which speci- es the use of 128-bit, 192-bit and 256-bit symmetric keys. As indicated in Table1 , key sizes for public key cryptosys- tems used to establish AES keys will also need to increase from current levels. We believe this trend bodes well for the future of Elliptic Curve Cryptography and not just for wireless environments.... ..."

Cited by 18

### Table 4. Performance of RSA key generation

"... In PAGE 12: ...unctionality i.e. reverse SSL is either for mutual authentication or server authentication with client puzzles whereas early work concentrated on SSL with only server authentication. Finally, Table4 provides the results of our experiments regarding RSA key generation. Note that for a client machine with a slower CPU, these numbers are even higher.... In PAGE 13: ...13 large variance ( Table4 gives the average value computed over 10 different tests). This is due to probabilistic nature of primality test openssl library uses.... ..."