Selecting Cryptographic Key Sizes

Abstract. In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm-based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems.

[1]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[2]  Antoon Bosselaers,et al.  Even Faster Hashing on the Pentium , 1997 .

[3]  Michael J. Wiener,et al.  Faster Attacks on Elliptic Curve Cryptosystems , 1998, Selected Areas in Cryptography.

[4]  Adi Shamir,et al.  Analysis and Optimization of the TWINKLE Factoring Device , 2000, EUROCRYPT.

[5]  Ross J. Anderson Why cryptosystems fail , 1994, CACM.

[6]  John R. T. Brazier Possible NSA Decryption Capabilities , 1999, Datenschutz und Datensicherheit.

[7]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[8]  Antoine Joux A One Round Protocol for Tripartite Diffie-Hellman , 2000, ANTS.

[9]  Bruce Schneier,et al.  Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[10]  Adi Shamir Factoring Large Numbers with the Twinkle Device (Extended Abstract) , 1999, CHES.

[11]  Jeff Gilchrist,et al.  Factorization of a 512-Bit RSA Modulus , 2000, EUROCRYPT.

[12]  Matthew J. Weiner,et al.  Efficient DES Key Search , 1994 .

[13]  Yvo Desmedt,et al.  Efficient Hardware and Software Implementations for the DES , 1985, CRYPTO.

[14]  Arjen K. Lenstra,et al.  Factoring Integers Using SIMD Sieves , 1994, EUROCRYPT.

[15]  V. Nechaev Complexity of a determinate algorithm for the discrete logarithm , 1994 .

[16]  R. Gallant,et al.  Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves , 1998 .

[17]  Robert D. Silverman Exposing the Mythical MIPS Year , 1999, Computer.

[18]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[19]  Robert D. Silverman A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths RSA Labs bulletin , 2000 .

[20]  Thorsten von Eicken,et al.  技術解説 IEEE Computer , 1999 .

[21]  Antoine Joux,et al.  Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups , 2001, IACR Cryptology ePrint Archive.

[22]  D. Johnson,et al.  ECC , Future Resiliency and High Security Systems March 30 , 1999 , 1999 .

[23]  Arjen K. Lenstra,et al.  The XTR Public Key System , 2000, CRYPTO.

[24]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Public Key Cryptography.

[25]  Paul C. Kocher,et al.  Breaking DES , 1999 .

[26]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, EUROCRYPT.