How many key bits are enough?

During the 1990s there was much public discussion about the key length of ciphers. Before we provide some guidelines, there are two crucial aspects to remember:
1. The discussion of key lengths for symmetric crypto algorithms is only relevant if a brute-force attack is the best known attack. If there is an analytical attack that works, a large key space does not help at all. Of course, if there is the possibility of social engineering or implementation attacks, a long key also does not help.
2. The key lengths for symmetric and asymmetric algorithms are dramatically different. For instance, an 80-bit symmetric key provides roughly the same security as a 1024-bit RSA key (RSA is a popular asymmetric algorithm).

Table gives a rough indication of the security of symmetric ciphers with respect to brute-force attacks. A large key space is a necessary but not sufficient condition for a secure symmetric cipher. The cipher must also be strong against analytical attacks.


Foretelling the Future

Of course, predicting the future tends to be tricky: We can’t really foresee new technical or theoretical developments with certainty. As you can imagine, it is very hard to know what kinds of computers will be available in the year 2030. For medium-term predictions, Moore’s Law is often assumed. Roughly speaking, Moore’s Law states that computing power doubles every 18 months while the costs stay constant. This has the following implications in cryptography: If today we need one month and computers worth $1,000,000 to break a cipher X, then the cost for breaking the cipher will be

  • $500,000 in 18 months (since we only have to buy half as many computers),
  • $250,000 in 3 years,
  • $125,000 in 4.5 years, and so on.
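
The halving schedule above can be turned into a small planning calculation. The following Python sketch is an added example, not part of the original text; it goes beyond the listed figures by estimating when an attack fits a given budget and how many extra key bits offset a planned protection lifetime. It assumes brute force is the best attack, that each extra key bit doubles the attack cost, and that Moore's Law as stated above holds for the whole period; the function names, the $1,000 budget and the 30-year lifetime are constructed for illustration.

```python
import math

DOUBLING_PERIOD_YEARS = 1.5  # Moore's Law as stated in the text: 18 months


def cost_after(cost_today, years):
    """Hardware cost of the same attack (same duration) `years` from now."""
    return cost_today / 2 ** (years / DOUBLING_PERIOD_YEARS)


def years_until_affordable(cost_today, budget):
    """Years until the attack cost has dropped to `budget` (0 if it already has)."""
    if cost_today <= 0 or budget <= 0:
        raise ValueError("costs must be positive")
    if budget >= cost_today:
        return 0.0
    return DOUBLING_PERIOD_YEARS * math.log2(cost_today / budget)


def extra_key_bits(lifetime_years):
    """Key bits to add so a brute-force attack at the end of the lifetime
    costs at least what it costs today (one bit doubles the key space)."""
    if lifetime_years < 0:
        raise ValueError("lifetime must be non-negative")
    return math.ceil(lifetime_years / DOUBLING_PERIOD_YEARS)


if __name__ == "__main__":
    cost_x = 1_000_000  # cipher X from the text: $1,000,000 for a one-month break
    for years in (1.5, 3, 4.5):
        print(f"{years:>4} years: ${cost_after(cost_x, years):,.0f}")
    # Constructed sample values: a $1,000 attacker budget, a 30-year data lifetime.
    print(f"within a $1,000 budget after {years_until_affordable(cost_x, 1_000):.1f} years")
    print(f"margin for 30 years of protection: {extra_key_bits(30)} extra bits")
```

Under these assumptions the required margin grows by only one key bit per 18 months of protection.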