What key size should be used?

Answer Posted / ramkumar

The key size that should be used in a particular
application of cryptography depends on two things. First of
all, the value of the key is an important consideration.
Secondly, the actual key size depends on what cryptographic
algorithm is being used.

Due to the rapid development of new technology and
cryptanalytic methods, the correct key size for a
particular application is continuously changing. For this
reason, RSA Laboratories refers to its web site
http://www.rsa.com/rsalabs/ for updated recommendations.
The table below contains key size limits and
recommendations from different sources for block ciphers,
the RSA system, the elliptic curve system, and DSA.

Some comments:

Export grade or nominal grade gives little real protection;
the key sizes are the limits specified in the Wassenaar
Arrangement (see Question 6.5.3).


"Traditional recommendations" are recommendations such as
those given in earlier versions of this FAQ. Such
recommendations are normally based on the traditional
approach of counting MIPS-years for the best available key
breaking algorithms. There are several reasons to call this
approach into question. For example, an algorithm with
massive memory requirements is probably not equivalent to
an algorithm with low memory requirements.


The last rows in the table give lower bounds for commercial
applications as suggested by Lenstra and Verheul [LV00].
The first of these rows shows recommended key sizes of
today, while the second row gives estimated lower bounds
for 2010. The bounds are based on the assumption that DES
was sufficiently secure until 1982 along with several
hypotheses, which are all extrapolations in the spirit of
Moore's Law (the computational power of a chip doubles
every 18 months). One questionable assumption they make is
that computers and memory will be available for free. It seems
that this assumption is not realistic for key breaking
algorithms with large memory requirements. One such
algorithm is the General Number Field Sieve used in RSA key
breaking efforts.

--------------------------------------------------------------------------------
                             Block Cipher  RSA   Elliptic Curve  DSA
Export Grade                 56            512   112             512/112
Traditional recommendations  80            1024  160             1024/160
                             112           2048  224             2048/224
Lenstra/Verheul 2000         70            952   132             952/125
Lenstra/Verheul 2010         78            1369  146/160         1369/138
--------------------------------------------------------------------------------


Table 2. Minimal key lengths in bits for different grades.

Notes. The RSA key size refers to the size of the modulus.
The Elliptic Curve key size refers to the minimum order of
the base point on the elliptic curve; this order should be
slightly smaller than the field size. The DSA key sizes
refer to the size of the modulus and the minimum size of a
large subgroup, respectively (the size of the subgroup is
often considerably larger in applications). In the last row
there are two values for elliptic curve cryptosystems; the
choice of key size should depend on whether any significant
cryptanalytic progress in this field is expected or not.

Is This Answer Correct ?    0 Yes 1 No
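
The Lenstra/Verheul rows described in the answer above can be reproduced and applied with a short calculation. The Python below is an added example, not part of the original answer or of [LV00]: it extrapolates the block cipher bound from the DES/1982 anchor and the 18-month doubling quoted above, then audits a key inventory against the result. Assumptions: the 10-year budget doubling is a default hypothesis from [LV00] that this page does not state, the RSA and elliptic curve bounds are copied from Table 2 rather than derived, and the inventory is constructed with hypothetical names.

```python
import math
from fractions import Fraction

DES_BITS, DES_YEAR = 56, 1982   # page: DES sufficiently secure until 1982
MOORE_MONTHS = 18               # page: chip power doubles every 18 months
BUDGET_MONTHS = 120             # assumption: [LV00] default, not stated on the page
# Extra bits of key length needed per calendar year under the model.
RATE = Fraction(12, MOORE_MONTHS) + Fraction(12, BUDGET_MONTHS)

# Lenstra/Verheul rows of Table 2; "ec" is (no progress, progress expected).
TABLE2 = {
    2000: {"rsa": 952, "ec": (132, 132)},
    2010: {"rsa": 1369, "ec": (146, 160)},
}

def block_cipher_lower_bound(year):
    """Minimum block cipher key size in bits for the given year."""
    return DES_BITS + math.ceil((year - DES_YEAR) * RATE)

def adequate_until(bits):
    """Last year in which a block cipher key of this size meets the bound."""
    return DES_YEAR + math.floor((bits - DES_BITS) / RATE)

def audit(inventory, year, ec_progress_expected=True):
    """Return (name, bits, minimum) for every key below the bound for `year`."""
    row = TABLE2[year]
    findings = []
    for name, family, bits in inventory:
        if family == "block":
            minimum = block_cipher_lower_bound(year)
        elif family == "ec":
            minimum = row["ec"][1 if ec_progress_expected else 0]
        else:
            minimum = row[family]
        if bits < minimum:
            findings.append((name, bits, minimum))
    return findings

# Constructed inventory for illustration; the names are hypothetical.
INVENTORY = [
    ("legacy-vpn-des", "block", 56),
    ("tls-session-3des", "block", 112),
    ("web-server-cert", "rsa", 1024),
    ("device-identity", "ec", 160),
]

if __name__ == "__main__":
    for name, bits, minimum in audit(INVENTORY, 2010):
        print(f"{name}: {bits} bits is below the 2010 bound of {minimum}")
```

The computed block cipher bounds match the 70 and 78 bit entries in Table 2, which is a check that the assumed budget term is the one behind those rows.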


