[Cryptography] Why are Diffie-Hellman key sizes multiples of 64?
Jon Callas
jon at callas.org
Sun Jan 25 19:16:15 EST 2026
> On Jan 25, 2026, at 01:14, Pierre Abbat <phma at bezitopo.org> wrote:
>
> Does this requirement come from the library they're using? I don't see what's
> wrong with using a 4184-bit or 4235-bit prime, as long as it's a safe prime,
> strong prime, or Fouvry prime.
It's a stupid requirement coming from programmers who don't want to do the work to make it work with any machine word size. Nothing to do with the math.
Now, speaking out of the other side of my mouth, if you assume your numbers fit neatly into machine words, you can write a simplified, faster algorithm. At least that's what it says on the marketing brochure.
There was a time when we considered it important that a key be of any reasonable size. I remember having RSA keys that were not 1024 bits, but 1123 bits; cheekily I picked prime numbers of bits of key length because it amused me. It was also a test case for QA -- use the key of weird length in your unit test.
I also remember that there were weird ass restrictions on CAPI. Pulling it out of the mental bit rot, CAPI could do an RSA key of a length that was a multiple of eight bits, plus or minus one.
There's no math reason, it's an engineers-being lazy reason, where "lazy" might be a pejorative way to say "prudent." Or not.
Jon
More information about the cryptography
mailing list