More likely is that the NSA has some mathematical breakthrough that affects one or more public-key algorithms. There are a lot of mathematical tricks involved in public-key cryptanalysis, and absolutely no theory that provides any limits on how powerful those tricks can be.
Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily.
If we think that's the case, the fix is easy: increase the key lengths.
Assuming the hypothetical NSA breakthroughs don't totally break public-cryptography -- and that's a very reasonable assumption -- it's pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We're already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits.[1]
I was thinking about this while rolling 16 sided hex dice to generate some 256-bit randomness and wondered if my dice were loaded.
What if their is a "breakthrough" in hacking elliptical-curve cryptography? I don't mean to sound dire or drab, and I haven't spent enough time on this sub-forum to know if this has been rehashed a million times (if so sage this to hell). I did search a little and couldn't find anything on multiple forms of key generation/use, which leads me to my question.
Is there a need for another form of asymmetric crypto that should be implemented into the base code for use as an alternative or backup in the future?
Is there a need for an extended key length beyond 256? Maybe people using keys larger then 256 pay a little more in fees for their added content size.
Just some questions seeking some intelligent answers. Thanks for your time.
[1] -
https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html
