How much stronger is RSA-2048 compared to RSA-1024? It is hard to imagine very big numbers. So what would be your way to explain the difference to someone who doesn't know much about cryptography?
Asked
Active
Viewed 3.3k times
1 Answers
21
You can use the complexity of the GNFS, the fastest known general-purpose factoring algorithm, to estimate the strength (in bits) of an RSA key size.
Referencing the table linked above, a 1024-bit key has approximately 80 bits of strength, while a 2048-bit key has approximately 112 bits. Thus, it takes approximately 2112/280 = 232 times as long to factor a 2048-bit key. In other words, it takes around four billion times longer to factor a 2048-bit key.
Thus, if you were able to magically factor a 1024-bit key in 10 seconds (which is totally unrealistic in every way possible, I may add), then it would take around 1,200 years to factor a 2048-bit key (note: this is not adjusted for Moore's law). Of course, it took around two years and a massive collaborative effort just to factor a 768-bit key, so factoring a 1024-bit key takes far, far longer than 10 seconds. But this is just to demonstrate the point: 2048-bit keys are much more secure.
If you do want to adjust for Moore's law and the ever-faster pace of computing, you can use this approximation by fgrieu. If you solve the equation for when a 2048-bit key is expected to be factored (keeping in mind that this is a rough approximation), you arrive at the year... 2048. So somewhere around 2040-2050, if that linear approximation holds true, we expect 2048-bit keys to be feasibly factored. In comparison, you can see that the 1024-bit key is expected to be factorable sometime around 2015-2020.
