Migrate from RSA to ECC
Elliptic curve cryptography would show performance increases and key-size decreases over RSA.
Nope,a post quantum algorithm is better!!!!!!!
For example NTRU
You are aware that this article is discussing the use of quantum computers. Since these do not exist this, for the time, is a moot point. It is also known that most modern crypto is broken with quantum computing.
Ecc is easier to break then rsa,
While your article is informative, I think you have the wrong take away message and it seems like you did not read many parts:
0) the only NIST standard that is known to be compromised is the Dual Elliptic Curve Deterministic Random Bit Generator; and "Researchers have warned since 2007 that Dual_EC_DRBG has a serious weakness".
1) "Silent Circle's new decision ... doesn't mean that these standards are insecure"
2) even Silent Circle is not moving away from ECC: "Silent Circle plans to replace the P-384 elliptic curve with one or more curves that are being designed by cryptographers Daniel Bernstein and Tanja Lange"
Now, if you read through all the comments to this request, you will notice that I never suggested any NIST curves be used. This is because for me too, "the spell is broken". Of curves that I proposed [Curve1174, Curve25519, Curve383187, Curve41417], Curve1174, Curve25519, and Curve41417] were designed by the same "Daniel Bernstein and Tanja Lange" that Silent Circle is using. So correct me if I am wrong, but I believe I am suggesting curves from the same subset that Silent Circle is using.
There are several other considerations that you can use when selecting a good curve and there are such things as secure or safe elliptic curves. For this, I once again direct anyone to [ http://safecurves.cr.yp.to/ ] for a more in depth analysis by PhDs.
Furthermore, ECC is based on a difficult maths problem [discrete logarithm] in the same way that RSA is based on a difficult maths problem [prime number factoring]. While the two problems are likely not of the same difficulty, they are both hard enough that current computational methods cannot solve current implementations. So, it is not as though one was weakened by the NSA. As well the discrete logarithm problem is used elsewhere in crypto [diffie-helman key exchanges], so there is twice the implementation to find possible flaws.
No, just upgrade to 4096 bit RSA. It is safer since the NSA has tried to weaken ECC. We are only sending emails, not large amounts of data like with VPN. We are not sure yet what ECC's are secure (if any).
I agree with Colin Arnott
If not a complete migration, I would at least like the option to use ECC over RSA
While any ecc curve can be used, you should really look into cryptographically secure curves. I would advise the following curves based on your key-size preference: [Curve1174, Curve25519, Curve383187, Curve41417] See the following for more information about why to NOT use NIST and some other curves: <http://safecurves.cr.yp.to/>.