Problem 4a: How big should secret keys be?
Even if the cryptosystem is sound, the keyspace must be large enough to resist a targeted attack by a reasonably well-funded adversary
- but in theory, large keys cost no more than small keys
History suggests that key-search technology improves exponentially: the performance:cost ratio doubles approx. every 18 months (Moore’s law)
- A recent study suggests 90 bits is sufficient for secret keys over the next 20 years (if the cipher has no shortcuts)
- public keys have to be longer, for technical reasons
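
A worked model of the Moore's-law argument above, as an added example that is not part of the original notes: it integrates an exponentially improving brute-force search rate to estimate the key length needed for a given secrecy lifetime. The baseline rate of 2^40 keys/second and the one-year attack window are assumed figures for illustration, not values from the study the notes cite.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
DOUBLING_YEARS = 1.5   # performance:cost doubles about every 18 months (from the notes)
RATE_NOW = 2 ** 40     # ASSUMED attacker speed today, keys/second for a fixed budget
ATTACK_YEARS = 1.0     # ASSUMED: how long the attacker is willing to run one search


def keys_searched(rate_now, start, end, doubling=DOUBLING_YEARS):
    """Keys tested between `start` and `end` (years from now) by an attacker
    whose search rate grows as rate_now * 2**(t / doubling)."""
    k = math.log(2) / doubling                      # continuous growth rate per year
    # Integral of rate_now * exp(k*t) dt from start to end, converted to seconds.
    return rate_now * SECONDS_PER_YEAR * (math.exp(k * end) - math.exp(k * start)) / k


def min_key_bits(lifetime, rate_now=RATE_NOW, attack=ATTACK_YEARS):
    """Smallest key length that survives `lifetime` years of secrecy."""
    # The cheapest attack is the latest one: wait for faster hardware, then
    # search during the last `attack` years before the secret expires.
    start = max(0.0, lifetime - attack)
    searched = keys_searched(rate_now, start, lifetime)
    # A search succeeds on average after half the keyspace, so require
    # 2**bits >= 2 * searched.
    return math.ceil(math.log2(2 * searched))


def safe_years(bits, rate_now=RATE_NOW, attack=ATTACK_YEARS):
    """Years from now until an `attack`-year search is expected to find the key.
    0.0 means a search started today is already expected to succeed."""
    base = math.log2(2 * keys_searched(rate_now, 0.0, attack))
    if bits <= base:
        return 0.0
    # Each extra bit buys one doubling period once the first window has passed.
    return attack + DOUBLING_YEARS * (bits - base)


if __name__ == "__main__":
    for years in (1, 10, 20, 30):
        print(f"secret must last {years:2d} years -> at least {min_key_bits(years)} bits")
    for bits in (56, 64, 80, 90):
        print(f"{bits}-bit key: expected to hold for about {safe_years(bits):.1f} years")
```

In this model each additional 18 months of required secrecy costs one key bit, so a 20-year lifetime adds about 13 bits to whatever key length is adequate today.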