Draft Minimum Key Length Recommendations for Variable Length

The Minimum Key Length Recommendations for Variable Length Algorithms

Comparable Algorithm Strengths

The security strength of a symmetric algorithm for a given key is typically
defined as the amount of work needed to attack the key when no shortcut is
available.
Cryptographic algorithms provide different security strengths depending on the
algorithm and the key size chosen.
Two algorithms are said to have comparable strength if the amount of work
needed to break the algorithms or determine the keys is approximately the same
using a given resource.

Bits of Security and Key Size

The key size and the bits of security are not the same thing.
A symmetric algorithm with key size X and no shortcut attacks (the best attack
is to try all keys) is said to have a security strength of X bits. For example,
AES 128 has a security strength of 128 bits.
An asymmetric algorithm with key size Y is said to have a security strength of
X bits if its strength is comparable to that of a symmetric algorithm with key
size X. For example, RSA with a key size of 1024 has a security strength of 80
bits.

Recommendations for the Key Sizes for Respective Algorithms

| Year         | Bits of Security | Symmetric Key Algorithms    | Asymmetric IFC Algorithms (RSA) | Asymmetric FFC Algorithms (DSA, D-H) |
|--------------|------------------|-----------------------------|---------------------------------|--------------------------------------|
| Through 2010 | 80               | Triple DES, AES 128/192/256 | Min: key size = 1024            | Min: L = 1024, N = 160               |
| Through 2030 | 112              | Triple DES, AES 128/192/256 | Min: key size = 2048            | Min: L = 2048, N = 224               |
| Beyond 2030  | 128              | AES 128/192/256             | Min: key size = 3072            | Min: L = 3072, N = 256               |

IFC: Integer Factorization Cryptography
FFC: Finite Field Cryptography
D-H: Diffie-Hellman
L: the public key length
N: the private key length
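
The table above applied as a key inventory check, as an added example that is not part of the original page. The function names and the inventory are hypothetical. It assumes "Year" means the last year through which a key must remain acceptable, that a key size between two rows counts as the lower row, and that Triple DES reaches the 112-bit row because that is the highest row listing it.

```python
# Added example: minimums transcribed from the table on this page.
# Each tier: (bits of security, last year covered; None = beyond 2030).
TIERS = [(80, 2010), (112, 2030), (128, None)]
RSA_MIN = {80: 1024, 112: 2048, 128: 3072}                        # IFC key size
FFC_MIN = {80: (1024, 160), 112: (2048, 224), 128: (3072, 256)}   # (L, N)
# Highest row in which the table lists each symmetric algorithm.
SYM_ROW = {"Triple DES": 112, "AES 128": 128, "AES 192": 128, "AES 256": 128}


def tier_bits(kind, **p):
    """Highest table row (80/112/128) the key satisfies; 0 if below every row."""
    met = 0
    for bits, _ in TIERS:
        if kind == "rsa":
            ok = p["size"] >= RSA_MIN[bits]
        elif kind == "ffc":
            # Both parameters must reach the row: a short N caps a long L.
            min_l, min_n = FFC_MIN[bits]
            ok = p["L"] >= min_l and p["N"] >= min_n
        elif kind == "symmetric":
            ok = SYM_ROW[p["name"]] >= bits
        else:
            raise ValueError(f"unknown key kind: {kind}")
        if ok:
            met = bits
    return met


def required_bits(year):
    """Row the table requires for a key that must hold up through `year`."""
    return next(bits for bits, last in TIERS if last is None or year <= last)


def audit(inventory, year):
    """Names of keys whose row falls short of what `year` requires."""
    need = required_bits(year)
    return [name for name, kind, p in inventory if tier_bits(kind, **p) < need]


# Constructed inventory (hypothetical key names, not from the page).
INVENTORY = [
    ("legacy-tls", "rsa", {"size": 1024}),
    ("odd-size", "rsa", {"size": 1536}),            # between rows: counts as 80
    ("dsa-short-n", "ffc", {"L": 2048, "N": 160}),  # N holds it at 80
    ("vpn-dh", "ffc", {"L": 2048, "N": 224}),
    ("archive", "symmetric", {"name": "Triple DES"}),
    ("backup", "symmetric", {"name": "AES 128"}),
]

if __name__ == "__main__":
    for y in (2010, 2025, 2035):
        print(y, required_bits(y), audit(INVENTORY, y))
```
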

References:
1. National Institute of Standards and Technology Special Publication 800-57, Recommendation for Key Management – Part 1: General, March 2007, page 66.
2. Digital Signature Standard (DSS), Federal Information Processing Standards Publication FIPS PUB 186-3, June 2009.