Determining Strengths For Public Keys Used For Exchanging Symmetric Keys

摘要

Implementors of systems that use public key cryptography to exchangesymmetric keys need to make the public keys resistant to somepredetermined level of attack. That level of attack resistance is thestrength of the system, and the symmetric keys that are exchanged mustbe at least as strong as the system strength requirements. The threequantities, system strength, symmetric key strength, and public keystrength, must be consistently matched for any network protocol usage.While it is fairly easy to express the system strength requirements interms of a symmetric key length and to choose a cipher that has a keylength equal to or exceeding that requirement, it is harder to choose apublic key that has a cryptographic strength meeting a symmetric keystrength requirement. This document explains how to determine thelength of an asymmetric key as a function of the length of a symmetrickey. Some rules of thumb for estimating equivalent resistance tolarge-scale attacks on various algorithms are given. The document alsoaddresses how changing the sizes of the underlying large integers(moduli, group sizes, exponents, and so on) changes the time to use thealgorithms for key exchange.