RFC 3766 Determining Strengths For Public Keys Used For Exchanging Symmetric Keys

Anne & Lynn Wheeler lynn at garlic.com
Thu Apr 29 17:18:18 EDT 2004 

also summary entry at
http://www.garlic.com/~lynn/rfcidx12.htm#3766
clicking on ".txt=nnn" field in the summary retrieves the actual RFC


         BCP 86
         RFC 3766
         Title:      Determining Strengths For Public Keys Used
                     For Exchanging Symmetric Keys
         Author(s):  H. Orman, P. Hoffman
         Status:     Best Current Practice
         Date:       April 2004
         Mailbox:    hilarie at purplestreak.com, paul.hoffman at vpnc.org
         Pages:      23
         Characters: 55939
         Updates/Obsoletes/SeeAlso:    None
         I-D Tag:    draft-orman-public-key-lengths-08.txt
         URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt


Implementors of systems that use public key cryptography to exchange
symmetric keys need to make the public keys resistant to some
predetermined level of attack.  That level of attack resistance is the
strength of the system, and the symmetric keys that are exchanged must
be at least as strong as the system strength requirements.  The three
quantities, system strength, symmetric key strength, and public key
strength, must be consistently matched for any network protocol usage.
While it is fairly easy to express the system strength requirements in
terms of a symmetric key length and to choose a cipher that has a key
length equal to or exceeding that requirement, it is harder to choose
a public key that has a cryptographic strength meeting a symmetric key
strength requirement.  This document explains how to determine the
length of an asymmetric key as a function of a symmetric key strength
requirement.  Some rules of thumb for estimating equivalent resistance
to large-scale attacks on various algorithms are given.  The document
also addresses how changing the sizes of the underlying large integers
(moduli, group sizes, exponents, and so on) changes the time to use
the algorithms for key exchange.




--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list