Ideally, key length would coincide with the lower-bound on an algorithm’s security. Encryption systems are often grouped into families. As each of these is of a different level of cryptographic complexity, it is usual to have different key sizes for the same level of security, depending upon the schneier bitcoin calculator used.
For example, the security available with a 1024-bit key using asymmetric RSA is considered approximately equal in security to an 80-bit key in a symmetric algorithm. The actual degree of security achieved over time varies, as more computational power and more powerful mathematical analytic methods become available. For this reason cryptologists tend to look at indicators that an algorithm or key length shows signs of potential vulnerability, to move to longer key sizes or more difficult algorithms. The 2015 Logjam attack revealed additional dangers in using Diffie-Helman key exchange when only one or a few common 1024-bit or smaller prime moduli are in use. This common practice allows large amounts of communications to be compromised at the expense of attacking a small number of primes. This section needs additional citations for verification.
Even if a symmetric cipher is currently unbreakable by exploiting structural weaknesses in its algorithm, it is possible to run through the entire space of keys in what is known as a brute force attack. Since longer symmetric keys require exponentially more work to brute force search, a sufficiently long symmetric key makes this line of attack impractical. With a key of length n bits, there are 2n possible keys. This number grows very rapidly as n increases. 128-bit keys is widely considered out of reach for conventional digital computing techniques for the foreseeable future. US Government export policy has long restricted the ‘strength’ of cryptography that can be sent out of the country. For many years the limit was 40 bits.
IBM’s Lucifer cipher was selected in 1974 as the base for what would become the Data Encryption Standard. Lucifer’s key length was reduced from 128 bits to 56 bits, which the NSA and NIST argued was sufficient. The Advanced Encryption Standard published in 2001 uses a key sizes of 128 bits, 192 or 256 bits. National Institute for Standards and Technology, NIST proposed phasing out 80-bit keys by 2015.
At 2005, 80-bit keys were allowed only until 2010. Since 2015, NIST guidance says that “the use of keys that provide less than 112 bits of security strength for key agreement is now disallowed. NIST approved symmetric encryption algorithms include three-key Triple DES, and AES. These problems are time consuming to solve, but usually faster than trying all possible keys by brute force.
As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. The Finite Field Diffie-Hellman algorithm has roughly the same key strength as RSA for the same key sizes. The work factor for breaking Diffie-Hellman is based on the discrete logarithm problem, which is related to the integer factorization problem on which RSA’s strength is based. One of the asymmetric algorithm types, elliptic curve cryptography, or ECC, appears to be secure with shorter keys than other asymmetric key algorithms require. NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms. The NSA previously specified that “Elliptic Curve Public Key Cryptography using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 and SHA-256 are appropriate for protecting classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve and SHA-384 are necessary for the protection of TOP SECRET information.
The two best known quantum computing attacks are based on Shor’s algorithm and Grover’s algorithm. Of the two, Shor’s offers the greater risk to current security systems. Derivatives of Shor’s algorithm are widely conjectured to be effective against all mainstream public-key algorithms including RSA, Diffie-Hellman and elliptic curve cryptography. According to NSA “A sufficiently large quantum computer, if built, would be capable of undermining all widely-deployed public key algorithms used for key establishment and digital signatures. It is generally accepted that quantum computing techniques are much less effective against symmetric algorithms than against current widely used public key algorithms.