Key Size in Cryptography
Simplified Cryptography Primer
In asymmetric or public-key encryption there are two main parts:
- Encryption Algorithm (RSA, ECC, …)
- Cryptographic key pair
The two keys of the same key pair are strongly interconnected and are used together to achieve different properties:
- confidentiality (message received by intended parties)
- authenticity (guarantees identity of the author)
- integrity (message has not been modified)
The length of the cryptographic key is defined by its length measured in bits and generally the longer the key the better the security. With the RSA encryption Algorithm, a common starting point is 1024 but that has been shown to be not secure enough and its use is highly discouraged. The next size of 2048 is currently deemed “acceptable” but will not be secure enough by the year 2030 and beyond according to published standards by NIST. While its difficult to say, it is believed that a key size of 4096 would yield approx 129 bits of security and should be safe beyond 2030 according to NIST. The same can be said for keys of 3072 bits in size as their is no requirement it must be a power of two other than its advantages in terms of speed.
So given that, why don’t we just always use 4096? The answer is the increase in security is only 18 bits or a mere 16% increase and requires more storage, more cpu usage, and higher power consumption. The real advantage is future proofing but better algorithms exist in Elliptic Curve Cryptography (ECC) that are alternatives to RSA. Other than signature verification where RSA is faster, ECC outperforms RSA in everything else and uses smaller keys than RSA. According to NIST, ECC-255 and ECC-383 bits are equivalent to RSA-2048 and RSA-4096 key sizes.
source: Yubico – https://www.yubico.com/2015/02/key-size-matter-cryptography/
source: NIST – http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf