Key size

Key length is an important property of a cryptographic method: it is a logarithmic measure of the number of different possible keys of the method.

Definition

The set of all possible keys of a cryptographic method is called the key space. The key number is defined as the size of the key space, i.e. the number of all possible keys. For symmetric methods it is related to the key length (specified in bits) as follows:

Here the logarithm of N is taken to the base 2 (the logarithmus dualis, often abbreviated as ld).

For classical (not computer-based) methods, such as a simple monoalphabetic substitution or the Enigma machine, one usually states the number of possible keys directly. For modern methods it is more practical to convert this into the key length in bits according to the above formula, so as not to have to work with unwieldy large numbers. In asymmetric cryptosystems, the key length is defined as the length of a key in bits, regardless of the number of keys, because not all bit strings are valid keys.

Key length and security level

The key length is an important criterion for the practical security of a cryptographic method, but not the only decisive one. In a small key space, an attacker can simply try all possible keys. The key space must therefore be large enough to make such a brute-force attack futile. An extreme counter-example is the Caesar cipher. Here there are only 26 different keys, which can be tried out very quickly even by hand. A Caesar cipher is thus easily broken by exhaustive key search, without further knowledge or any special cryptanalytic attack.

However, a large key space alone is not enough to guarantee the security of a method. A secure symmetric method is required to admit no attack that is faster than trying all keys. For example, even a method as simple as monoalphabetic substitution has an impressively large key space of 26! (factorial) different keys. This corresponds to 403,291,461,126,605,635,584,000,000 keys. The equivalent key length is slightly more than 88 bits. Despite this huge number of keys, which makes an exhaustive key search hopeless even with today's means, this method can be broken very easily (for example, by statistical attack methods or by pattern search).
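The following Python code is an added example, not part of the original article: it converts a key count into a key length in bits and runs the exhaustive key search on a Caesar cipher described above. The sample message, the letter-frequency heuristic used to recognise the plaintext, and the rate of 10^9 trials per second are assumptions made for the illustration.

```python
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
COMMON = set("etaoinshr")  # assumption: crude heuristic for "looks like English"


def key_length_bits(key_count: int) -> float:
    """Key length in bits: base-2 logarithm of the size of the key space."""
    return math.log2(key_count)


def caesar(text: str, shift: int) -> str:
    """Shift every letter a-z by `shift` positions; keep other characters."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.lower()
    )


def plausibility(text: str) -> int:
    """Count how many characters are among the most frequent English letters."""
    return sum(ch in COMMON for ch in text)


def exhaustive_search(ciphertext: str) -> tuple[int, str]:
    """Try all 26 keys and return (key, plaintext) of the most plausible one."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(26)]
    return max(candidates, key=lambda c: plausibility(c[1]))


# Constructed sample message, not taken from the article.
SAMPLE = "the key space must be large enough to make exhaustive search futile"

if __name__ == "__main__":
    key, recovered = exhaustive_search(caesar(SAMPLE, 11))
    print(f"Caesar: 26 keys = {key_length_bits(26):.1f} bits, "
          f"recovered key {key}: {recovered!r}")

    n = math.factorial(26)  # key space of a monoalphabetic substitution
    print(f"Substitution: {n:,} keys = {key_length_bits(n):.1f} bits")
    # Assumed rate of 10**9 trials per second, about 3.15e7 seconds per year.
    print(f"Exhaustive search at 1e9 keys/s: {n / 1e9 / 3.15e7:.1e} years")
```

The 26-key search finishes instantly, while the same search over the 26! substitution keys is out of reach; that the substitution cipher is nevertheless weak comes from the statistical attacks mentioned above, not from its key length.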

If the requirement is met that there is no attack faster than trying all keys, then the key length of a symmetric method also gives its security level, i.e. the effort an attacker would have to expend to break the method at this key length. Which key length is used therefore depends on the computing power of the expected attacker. Through advances in computer technology ("hardware"), some older methods that were once considered secure can now be broken by exhaustive key search. An example is the "Data Encryption Standard (DES)", which served as the standard encryption method for several decades toward the end of the twentieth century and whose 56-bit key is too short by today's standards. Today, 128 bits or more are considered a secure key length for symmetric methods.

In asymmetric methods ("public-key methods"), the security level is not equal to the key length. For one thing, the key length does not directly give the number of possible keys, since a key describes a mathematical object. In the RSA cryptosystem, for example, a key length of 1024 bits does not mean that all 1024-bit numbers are keys, because not every 1024-bit number is an RSA modulus, i.e. the product of two primes. Furthermore, there are known methods that are faster than trying all keys. To determine the equivalent security level, these methods must be taken into account. To break RSA encryption with a 1024-bit key, such an algorithm needs about "elementary operations"; the equivalent security level is therefore 73 bits.

Examples of key numbers and key lengths

  • Caesar cipher: 25 keys (corresponding to a key length of about 5 bits)
  • DES: 2^56 = 72,057,594,037,927,936 (equivalent to 56 bits)
  • Enigma I: 206,651,321,783,174,268,000,000 (equivalent to about 77 bits)
  • Enigma M4: 60,176,864,903,260,346,841,600,000 (equivalent to almost 86 bits)
  • Monoalphabetic substitution: 26! (factorial) = 403,291,461,126,605,635,584,000,000 (equivalent to approximately 88 bits)
  • Triple DES: 2^112 = 5,192,296,858,534,827,628,530,496,329,220,096 (equivalent to 112 bits)
  • AES: selectable
      2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 (equivalent to 128 bits),
      2^192 = 6,277,101,735,386,680,763,835,789,423,207,666,416,102,355,444,464,034,512,896 (equivalent to 192 bits) or
      2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (equivalent to 256 bits)