Key Lengths

Arjen K. Lenstra, Lucent Technologies Bell Laboratories and Technische Universiteit Eindhoven


Symmetric Encryption and Cryptographic Hashing

Asymmetric Cryptosystems

Security in Practice


Security Level

Generic Attacks

Security Level

The Cost of an Attack Effort

Relation Between Security Level and Security

Modeling the Relation

Defining Adequate Protection

The Cost of Breaking the DES

Modeling the Effect of Changes in the Computational Environment

The Cost of Adequate Protection

The Effect of Moore's Law

The Effect of the Constant of Proportionality

Alternative Definitions of Adequate Protection

Modeling the Effect of Changes in Cryptanalytic Capabilities

Symmetric Cryptosystems

Block Ciphers

Performance Considerations

Other Considerations

Symmetric Key Lengths That Offer Adequate Protection

Cryptographic Hash Functions

Cryptographic Hash Functions

Cryptanalytic Developments

Performance Considerations

Cryptographic Hash Lengths That Offer Adequate Protection

Asymmetric Methods

Private Key and Public Key

Performance Deterioration

The Design of Asymmetric Cryptosystems

Factoring and Discrete Logarithms

Other Asymmetric Cryptosystems

Factoring-Based Cryptosystems

Main Variants

Trial Division

Exponential Time Factoring Algorithms

Polynomial Time Factoring Algorithms

Subexponential Time Factoring Algorithms

Number Field Sieve

The Cost of the NFS

NFS Results

Extrapolation to Other Modulus Lengths

Cryptanalytic Developments

Small Factors

RSA Modulus Lengths ...

Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.