Selecting Cryptographic Key Sizes

Published: 01 January 2001

Abstract

In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm-based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems.

Published In

Journal of Cryptology, Volume 14, Issue 4, January 2001, 68 pages

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. ElGamal
  2. Elliptic curve cryptography
  3. Symmetric key length
  4. Moore's law
  5. Public key length
  6. RSA
