[Cryptography] Why are Diffie-Hellman key sizes multiples of 64?
Craig B Agricola
craig at theagricolas.org
Sun Jan 25 22:37:12 EST 2026
On Sun, Jan 25, 2026 at 04:16:15PM -0800, Jon Callas wrote:
> > On Jan 25, 2026, at 01:14, Pierre Abbat <phma at bezitopo.org> wrote:
> >
> > Does this requirement come from the library they're using? I don't see what's
> > wrong with using a 4184-bit or 4235-bit prime, as long as it's a safe prime,
> > strong prime, or Fouvry prime.
>
> It's a stupid requirement coming from programmers who don't want to do
> the work to make it work with any machine word size. Nothing to do
> with the math.
>
> <snip>
>
> There's no math reason, it's an engineers-being-lazy reason, where
> "lazy" might be a pejorative way to say "prudent." Or not.

Well, to be fair, it's really hard to write general purpose code that is
both performant (i.e. at least fast enough to be usable) as well as being
timing-invariant to private data, unless you make the restriction that
the field sizes are multiples of native word sizes...

So "lazy" is "prudent" in avoiding side-channel attacks, at least.

-Craig
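
An added illustration of the point in this message (not code from the post or from any library): modular addition over a fixed number of full 64-bit limbs, where every loop bound depends only on the public limb count and the final reduction is a masked select instead of a branch. NLIMBS, the function names and the 256-bit modulus are constructed for the example; operands are assumed to be already reduced below p.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NLIMBS 4 /* constructed toy size: 4 x 64 = 256 bits */

/* r = a + b over NLIMBS words; returns the carry-out (0 or 1). */
static uint64_t limbs_add(uint64_t *r, const uint64_t *a, const uint64_t *b) {
    uint64_t carry = 0;
    for (size_t i = 0; i < NLIMBS; i++) {      /* bound is public */
        uint64_t s = a[i] + b[i] + carry;
        carry = ((a[i] & b[i]) | ((a[i] | b[i]) & ~s)) >> 63;
        r[i] = s;
    }
    return carry;
}

/* r = a - b over NLIMBS words; returns the borrow-out (0 or 1). */
static uint64_t limbs_sub(uint64_t *r, const uint64_t *a, const uint64_t *b) {
    uint64_t borrow = 0;
    for (size_t i = 0; i < NLIMBS; i++) {
        uint64_t d = a[i] - b[i] - borrow;
        borrow = ((~a[i] & b[i]) | ((~a[i] | b[i]) & d)) >> 63;
        r[i] = d;
    }
    return borrow;
}

/* r = (a + b) mod p, assuming a < p and b < p. */
void mod_add(uint64_t *r, const uint64_t *a, const uint64_t *b, const uint64_t *p) {
    uint64_t sum[NLIMBS], diff[NLIMBS];
    uint64_t carry = limbs_add(sum, a, b);
    uint64_t borrow = limbs_sub(diff, sum, p);
    /* Take diff when a + b >= p: the add overflowed, or sum - p did not borrow. */
    uint64_t mask = (uint64_t)0 - (carry | (borrow ^ 1));
    for (size_t i = 0; i < NLIMBS; i++)        /* masked select, no branch */
        r[i] = (diff[i] & mask) | (sum[i] & ~mask);
}

int main(void) {
    /* Constructed modulus 2^256 - 189, little-endian limbs. */
    const uint64_t p[NLIMBS] = {0xFFFFFFFFFFFFFF43ULL, ~0ULL, ~0ULL, ~0ULL};
    const uint64_t a[NLIMBS] = {0xFFFFFFFFFFFFFF42ULL, ~0ULL, ~0ULL, ~0ULL}; /* p - 1 */
    uint64_t r[NLIMBS];
    mod_add(r, a, a, p);                       /* (p-1) + (p-1) = p - 2 mod p */
    printf("%016llx\n", (unsigned long long)r[0]);
    return 0;
}
```

Compilers can reintroduce branches, so the generated code still has to be inspected. A modulus such as the 4184-bit one mentioned in the thread would leave a partly filled top limb that these uniform loops do not account for.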