This paper proposes for 128 bit security level the security parameter for class groups should 6656 bits. I haven't read the paper in enough detail to estimate the security of a 4096 bit discriminant.
The author's estimate the impact of Sutherland's algorithm for finding the order of a class group on security.
Some thoughts.
My initial assessment that for our narrow use case, these finding are of low impact. They would be higher impact if also expected the VDF to be a random oracle but we don't need the assumption.
if we update this, we need to remember to
[ ] Update the tests and mock results
[ ] Update the miner and verifier to take the larger proofs.
earthwindfirewater
commented
3 years ago
This paper proposes for 128 bit security level the security parameter for class groups should 6656 bits. I haven't read the paper in enough detail to estimate the security of a 4096 bit discriminant.
Paper: https://eprint.iacr.org/2020/196 h/t Eli Ben Sasson
The author's estimate the impact of Sutherland's algorithm for finding the order of a class group on security.
Some thoughts.
My initial assessment that for our narrow use case, these finding are of low impact. They would be higher impact if also expected the VDF to be a random oracle but we don't need the assumption.
if we update this, we need to remember to