Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
Network Working Group                                           H. Orman
Request for Comments: 3766                            Purple Streak Dev.
BCP: 86                                                       P. Hoffman
Category: Best Current Practice                           VPN Consortium
                                                              April 2004
Determining Strengths For Public Keys Used
For Exchanging Symmetric Keys
Status of this Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
Implementors of systems that use public key cryptography to exchange
symmetric keys need to make the public keys resistant to some
predetermined level of attack. That level of attack resistance is
the strength of the system, and the symmetric keys that are exchanged
must be at least as strong as the system strength requirements. The
three quantities, system strength, symmetric key strength, and public
key strength, must be consistently matched for any network protocol
usage.
While it is fairly easy to express the system strength requirements
in terms of a symmetric key length and to choose a cipher that has a
key length equal to or exceeding that requirement, it is harder to
choose a public key that has a cryptographic strength meeting a
symmetric key strength requirement. This document explains how to
determine the length of an asymmetric key as a function of a
symmetric key strength requirement. Some rules of thumb for
estimating equivalent resistance to large-scale attacks on various
algorithms are given. The document also addresses how changing the
sizes of the underlying large integers (moduli, group sizes,
exponents, and so on) changes the time to use the algorithms for key
exchange.
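The matching of system strength, symmetric key strength and public key strength that the abstract describes, as an added worked example in Python. This is not the RFC's own calculation (the document's rules of thumb and the key-size table come in later sections, not on this page), and it rests on stated assumptions: the cost of factoring an RSA modulus or taking a discrete logarithm modulo a prime of the same size is taken from the general number field sieve asymptotic L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped; the constant CALIBRATION_BITS is an offset chosen for this example so that an 80-bit symmetric requirement lands near a 1228-bit modulus; and generic attacks on a prime-order subgroup of q elements are assumed to cost about sqrt(q) operations. All function names are the example's own.

```python
"""Match symmetric strength, public-key modulus size and subgroup size.

Added example, not RFC 3766's own calculation.  Assumptions:
  * factoring / finite-field discrete-log cost follows the number field
    sieve asymptotic L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped;
  * CALIBRATION_BITS is an offset chosen here so that an 80-bit symmetric
    requirement maps to roughly a 1228-bit modulus;
  * generic attacks (Pollard rho, baby-step/giant-step) on a prime-order-q
    subgroup cost about sqrt(q) operations, so q needs twice the bits.
"""
import math
from typing import Optional, Tuple

LN2 = math.log(2)
NFS_CONSTANT = (64 / 9) ** (1 / 3)   # ~1.923, exponent constant of the general NFS
CALIBRATION_BITS = 13.7              # ASSUMPTION: offset subtracted from the raw asymptotic


def nfs_work_bits(modulus_bits: int) -> float:
    """log2 of the uncalibrated NFS work against an n-bit integer:
    (64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3), converted to bits."""
    ln_n = modulus_bits * LN2
    return NFS_CONSTANT * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


def modulus_strength_bits(modulus_bits: int) -> float:
    """Symmetric-equivalent strength of an RSA or DH modulus of this size."""
    return nfs_work_bits(modulus_bits) - CALIBRATION_BITS


def subgroup_strength_bits(subgroup_bits: int) -> float:
    """Strength of a prime-order subgroup: sqrt(q) generic attacks halve the bits."""
    return subgroup_bits / 2


def modulus_bits_for_strength(target_bits: float) -> int:
    """Smallest modulus size whose estimated strength reaches target_bits.
    The estimate grows monotonically with the modulus size, so bisect on it."""
    lo, hi = 256, 1 << 17
    while lo < hi:
        mid = (lo + hi) // 2
        if modulus_strength_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def subgroup_bits_for_strength(target_bits: float) -> int:
    """Subgroup order size (bits) that resists sqrt(q) attacks at target_bits."""
    return math.ceil(2 * target_bits)


def recommend(target_bits: int) -> dict:
    """Parameter sizes that all meet one system strength requirement."""
    return {
        "system_strength_bits": target_bits,
        "symmetric_key_bits": target_bits,
        "modulus_bits": modulus_bits_for_strength(target_bits),
        "subgroup_bits": subgroup_bits_for_strength(target_bits),
    }


def effective_strength(symmetric_bits: int, modulus_bits: int,
                       subgroup_bits: Optional[int] = None) -> Tuple[float, str]:
    """Strength a deployed suite actually has: the weakest of its components.
    Returns (strength_bits, name of the limiting component)."""
    components = {
        "symmetric key": float(symmetric_bits),
        "public-key modulus": modulus_strength_bits(modulus_bits),
    }
    if subgroup_bits is not None:
        components["subgroup order"] = subgroup_strength_bits(subgroup_bits)
    weakest = min(components, key=components.get)
    return components[weakest], weakest


if __name__ == "__main__":
    for s in (70, 80, 90, 100, 128):
        print(recommend(s))
    # Constructed example suites: a 128-bit cipher with a 1024-bit DH group and
    # 160-bit subgroup, then the same cipher with a 3072-bit group.
    for suite in ((128, 1024, 160), (128, 3072, 256)):
        strength, limit = effective_strength(*suite)
        print(f"{suite[0]}-bit cipher / {suite[1]}-bit modulus / "
              f"{suite[2]}-bit subgroup: ~{strength:.0f}-bit system, "
              f"limited by the {limit}")
```

The point the checker makes is the one in the abstract: the weakest of the three quantities sets the system strength, and under this estimate a 1024-bit modulus, not the 128-bit cipher, is what limits the first suite. Any calibration offset other than the one assumed here moves the modulus sizes, so treat the absolute numbers as illustrative and the method (cost model, calibration, then bisection) as the reusable part.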
Orman & Hoffman Best Current Practice