Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security

Get BibTex-formatted data

Author

Matt Blaze,Whitfield Diffie,Ronald L. Rivest,Bruce Schneier,Tsutomu Shimomura,Eric Thompson,Michael Wiener

Entry type

techreport

Abstract

Encryption plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. In so doing, modern cryptography employs a combination of conventional or symmetric cryptographic systems for encrypting data and public key or asymmetric systems for managing the keys used by the symmetric systems. Assessing the strength required of the symmetric cryptographic systems is therefore an essential step in employing cryptography for computer and communication security. Technology readily available today (late 1995) makes brute-force attacks against crypto- graphic systems considered adequate for the past several years both fast and cheap. General purpose computers can be used, but a much more efficient approach is to employ commercially available Field Programmable Gate Array (FPGA) technology. For attackers prepared to make a higher initial investment, custom-made, special-purpose chips make such calculations much faster and significantly lower the amortized cost per solution. As a result, cryptosystems with 40-bit keys offer virtually no protection at this point against brute-force attacks. Even the U.S. Data Encryption Standard with 56-bit keys is increasingly inadequate. As cryptosystems often succumb to 'smarter' attacks than brute force key search, it is also important to remember that the keylengths discussed here are the minimum needed for security against the computational threats considered. Fortunately, the cost of very strong encryption is not significantly greater than that of weak encryption. Therefore, to provide adequate protection against the most serious threats - well-funded commercial enterprises or government intelligence agencies - keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years in the face of expected advances in computing power, keys in the newly-deployed systems should be at least 90 bits long.

Date

1996 – January

URL

http://66.102.1.104/scholar?hl ... ths+for+symmetric+ciphers

Key alpha

Bishop

Note

A Report by an Ad Hoc Group of Cryptographers and Computer Scientists

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Bishop,
	title = "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security",
	author = "Matt Blaze,Whitfield Diffie,Ronald L. Rivest,Bruce Schneier,Tsutomu Shimomura,Eric Thompson,Michael Wiener",
	year = "1996",
	month = "January",
	note = "A Report by an Ad Hoc Group of Cryptographers and Computer Scientists",
	abstract = "Encryption plays an essential role in protecting the privacy of electronic information
against threats from a variety of potential attackers. In so doing, modern cryptography
employs a combination of conventional or symmetric cryptographic systems for encrypting
data and public key or asymmetric systems for managing the keys used by the symmetric
systems. Assessing the strength required of the symmetric cryptographic systems is therefore
an essential step in employing cryptography for computer and communication security.
Technology readily available today (late 1995) makes brute-force attacks against crypto-
graphic systems considered adequate for the past several years both fast and cheap. General
purpose computers can be used, but a much more efficient approach is to employ commercially
available Field Programmable Gate Array (FPGA) technology. For attackers prepared to
make a higher initial investment, custom-made, special-purpose chips make such calculations
much faster and significantly lower the amortized cost per solution.
As a result, cryptosystems with 40-bit keys offer virtually no protection at this point
against brute-force attacks. Even the U.S. Data Encryption Standard with 56-bit keys is
increasingly inadequate. As cryptosystems often succumb to 'smarter' attacks than brute
force key search, it is also important to remember that the keylengths discussed here are
the minimum needed for security against the computational threats considered.
Fortunately, the cost of very strong encryption is not significantly greater than that
of weak encryption. Therefore, to provide adequate protection against the most serious
threats - well-funded commercial enterprises or government intelligence agencies - keys
used to protect data today should be at least 75 bits long. To protect information
adequately for the next 20 years in the face of expected advances in computing power,
keys in the newly-deployed systems should be at least 90 bits long.",
	url = "http://66.102.1.104/scholar?hl=en&lr;=&q;=cache:88s6FJHf96EJ:www.networkdls.com/articles/keylength.pdf+minimal+key+lengths+for+symmetric+ciphers",
}