Determining Strengths For Public Keys Used For Exchanging Symmetric Keys (RFC3766)

IP.com Disclosure Number: IPCOM000028122D
Original Publication Date: 2004-Apr-01
Included in the Prior Art Database: 2004-Apr-27
Document File: 24 page(s) / 56K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Orman: AUTHOR [+2]

Abstract

Implementors of systems that use public key cryptography to exchange symmetric keys need to make the public keys resistant to some predetermined level of attack. That level of attack resistance is the strength of the system, and the symmetric keys that are exchanged must be at least as strong as the system strength requirements. The three quantities, system strength, symmetric key strength, and public key strength, must be consistently matched for any network protocol usage.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                           H. Orman
Request for Comments: 3766                            Purple Streak Dev.
BCP: 86                                                       P. Hoffman
Category: Best Current Practice                           VPN Consortium
                                                              April 2004

               Determining Strengths For Public Keys Used
                     For Exchanging Symmetric Keys

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   Implementors of systems that use public key cryptography to exchange
   symmetric keys need to make the public keys resistant to some
   predetermined level of attack.  That level of attack resistance is
   the strength of the system, and the symmetric keys that are exchanged
   must be at least as strong as the system strength requirements.  The
   three quantities, system strength, symmetric key strength, and public
   key strength, must be consistently matched for any network protocol
   usage.

   While it is fairly easy to express the system strength requirements
   in terms of a symmetric key length and to choose a cipher that has a
   key length equal to or exceeding that requirement, it is harder to
   choose a public key that has a cryptographic strength meeting a
   symmetric key strength requirement.  This document explains how to
   determine the length of an asymmetric key as a function of a
   symmetric key strength requirement.  Some rules of thumb for
   estimating equivalent resistance to large-scale attacks on various
   algorithms are given.  The document also addresses how changing the
   sizes of the underlying large integers (moduli, group sizes,
   exponents, and so on) changes the time to use the algorithms for key
   exchange.

Orman & Hoffman          Best Current Practice                  [Page 1]

RFC 3766         Determining Strengths for Public Keys        April 2004

Table of Contents

   1.  Model of Protecting Symmetric Keys with Public Keys
       1.1. The key exchange algorithms
   2.  Determining the Effort to Factor
       2.1. Choosing parameters for the equation
       2.2. Choosing k from empirical reports
       2.3. Pollard's rho method. ....