[Cryptography] Why are Diffie-Hellman key sizes multiples of 64?
Kent Borg
kentborg at borg.org
Mon Jan 26 09:27:41 EST 2026
On 1/25/26 4:16 PM, Jon Callas wrote:
> There's no math reason, it's an engineers-being-lazy reason, where "lazy" might be a pejorative way to say "prudent." Or not.
Yes, whether there is a math reason or not can be crucial to understand,
particularly in cryptography which is so easy to mess up in
implementation and deployment. ("What? A key of all zeros is bad?")
But practicalities matter.
One consideration, which someone else pointed out: writing code with
consistent timing is valuable. Might be a lot easier to do on nice
boundaries.
And the mention of creating keys of prime length points out another
thing to remember:
- When parsing data one should be paranoid and understand the spec and
think about all the corner cases. To have fewer bugs in the end.
- When writing data one should maybe be conservative and drive down the
middle. To exercise fewer bugs in the end.
Speaking of practicalities, engineers are about making things work, as
opposed to scientists who are about understanding some aspect of the
universe. Engineering is practical where science is theoretical. The
scientific theory needs to cover every corner case to be valid, whereas
long ago I observed what I call the "engineering cheat", that is, don't
(necessarily) solve the problem one is asked to solve, but frequently
solve a problem next to it. This other problem might be considerably
easier to solve, this other problem might be more general and accomplish
more.
To work on nice binary boundaries can make a problem much easier to
solve on a binary computer. That said, one should never just solve the
wrong problem, the system needs to account for a different problem
having been solved. One should never quietly build an arbitrary-boundary
system out of even-boundary parts and move on. That's part of why I am
sad that QA is mostly no longer a thing.
-kb