DOCSLIB.ORG

Big Numbers: Public Key Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Big Numbers: The Role Played by Mathematics in Internet Commerce Dr. David Singer (Dept. of Mathematics, CWRU) and Mr. Ari Singer (NTRU Cryptosystems) Copyright 2008 Ari Singer and David Singer Public Key Cryptography Bob (receiver) Alice (sender) Eve (eavesdropper) lice and ob have never met before. Yet they are able to carry on a private conversation on an insecure communications channel and not worry about eavesdroppers. How is this possible? arol and avid are flippin g a coin over the tel eph one, and each is confident the other is not cheating. How is this possible? thel has a secret. She wants to convince red that she knows the secret, but without revealing anything about the secret to him. How is this possible? Cryptography y Cryptography (secret writing), is the art and science of secure transmission of confidential information. y It also allows secure storage of dtdata. y Only someone with the key can get access. “Classical” Cryptography y Dates back to antiquity y Alice and Bob agree on a method of encryption and a shared secret key. y Alice uses the key to encrypt the message she sends. y Bob uses the same key to decrypt the message.. Classical Cryptanalysis scar attempts to determine the contents of an encrypted message without the key. He may try all possible keys (Brute force) Or he may use more subtle techniques, such as analysis of statistical anomalies. Modern Cryptography New Directions in Cryptography, by Whitfield Diffie and Martin Hellman, 1976. (Also classified publication by James Ellis in 1970,,) declassified in 1997.) Introduced the essential idea: Public Keys and Private Keys. Bob has two keys: a public key, which is available to anyone, and a private key. Alice uses the public key to lock ((yp);encrypt); Bob uses the private key to unlock (decrypt). Advantages y Alice can communicate without having previously contacted Bob. y No one but Bob can decrypt the message. y Majjyor reduction in the number of keys required for a large group. Public key vsv.s. Private key y Private key: 20 y Public key: 20 users need 190 users need 21 key pairs key pairs Disadvantages y Public-Key Cryptography tends to be slower y May be harder to implement in a secure way Big question: How can it be made To work?? Creating a mathematical secret y It is easy to multiply numbers. y There are usually many ways to get the same product: But if two primes are multiplied together there is only one way to ‘unmultiply’ (factor) them Creating a mathematical secret y Multippylying numbers is “easy” y y But factoring numbers is “hard” Basis for RSA cryptosystem: L.M. Adleman, R.L. Rivest and A. Shamir, 1978 The RSA Cryptosystem y Generate two large prime numbers p and q. Multiply them together to get very large number N. y Compute Eul(ler Totient T=(p-1)(q-1) y Choose numbers e and d for which the prodtduct e times d leaves remaiidnder 1 when divided by T. y Publish (N, e) (this is the public key). y Keep the rest secret. The Encryption algorithm y Turn messaggge into a large number m (encoding) y Compute (this is the remainder left when th is divided by N). y The number c is the encryption of the message! The Decryption Algorithm y Compute y Decode m to get the message. y Mathematical principle: If you know the values of m, e, and N, you can compute c. y If you know the values of c, d, and N, you can compute m. y BUT if you know c, e, and N and can’t factor N, you (probably) can’t get m. A Small Example: N=33 Big Primes Big Primes Factoring into Big Primes Factoring into Big Numbers Digital Signatures RSA can also be used to allow Alice to sign a document. She decrypts the document with her secret key. Anyone else can use her public key to see that she signed it. Digital Signatures y Onlyyyg Alice can use her key to sign a message: Secure Hash Function y In pp,ractice, Alice does not sig n the message itself; she signs a hash ((pa compressed version) . y This makes electronic forgery much more difficult. Mathematical tools y Number theory –for encryption algorithms. y Computational complexity – to know what is hard and what is easy to compute. y Probability theory – randomness is needed for implementing algorithms securely. Mathematical Tools y Computational Mathematics – to know how to make calculations qqyuickly and accurately . y Other mathematics: linear algebra, geometry,… Challenge-response y To ppy,yprove identity, you possess a secret (password). y But you don’t want to give up the secret! (Remember Ethel and Fred) y So you must give a “proof of knowledge. ” Ali Baba’s Cave Ali Baba’s Cave Ali Baba’s Cave Zero-Knowledge Proof y Usinggg challenge-resppqonse techniques, Alice demonstrates she knows the password (with high probability) but does not reveal the password. y She may have to respond to many chllhallenges in order to convince BBbob. y Key idea for solving many problems (e.g., coin-flip over ttleleph one) Why Use Cryptography? y We are ppgrotecting data and there is a lot of data to protect! What are we protecting against? y Well known stuff like ◦ Laptop loss or theft ◦ Data center compromise ◦ Viruses ◦ Hackers ◦ Snooping of e-mail and personal data y And lesser known stuff like ◦ Electronically modifying sensor data in a factory ◦ My neighbor changing the temperature on my refrigerator Cryptographic Services y Privacyy( (encryp tion) –You can’t see it y Integrity (signing) – You can’t change it y Authentication (validation) – I wrote it y Freshness (challenge-response) – I am doing this now Common Security Goals y Protection of data (access control) ◦ Secrecy of data (read access) ◦ Creation of data (write access) y Authentication required to access resources ◦ NtNetwor ks, idiidlindividual machines, etc. y Proof of authorization of an action ◦ Signature on a contract, authorization of payment, etc. Security Goals: Authentication y Web sites – Am I at Amazon.com? y Users– Is this Alice trying to access the site? y Network devices – Is this the DNS server that really knows which machines host amazon.com? Example: Web Authentication Session key Talking to Amazon.com Computes session key Verifies signature Security Goals: Data Secrecy y Data at rest ◦ Databases (e.g. with credit card numbers), hard drive contents, tape drive contents y Data in transit ◦ Premium cable content, phone conversations, e-mails, internet traffic, industrial sensors Example: Wireless Personal Area NNtketwork (WPAN) PNC PNC n o & p o & p q q o & p qq Device DiDevice Device DiDevice r Device Device nDevices determine oEach device requests pThe controller qDevices transmit rTwo devices may which device is best to join the piconet and establishes time slots protected data to optionally establish suite d to b e p icone t perftlforms mutual fhdidfor each device and the o ther devi ces in the ir own secure sub - controller (PNC) and authentication with the distributes piconet the piconet during network. agree on it. controller. payload protection their time slots. keys. Building the Solution y Complexity of requirements on data management often transl at es to complexity of security models y Many companies must come together to create new and better security solutions to meet these new needs y Solutions must balance three competing forces: ◦ Cost ◦ Ease of use ◦ Secu rity Example: Trusted Computing y Goal is to ensure that the hardware and software on your machine is behavinggp prop erly y Inclusion of a Trusted Platform Module (TPM) on a platform assists in building trust in your machine y Many pieces must come together to make this work in practice Example: Trusted Computing Ecosystem Pre-Boot Do You Use Cryptography? y Do you buy anything online? y Do you pay your bills or bank online? y Do you use SpeedPass? y Do you watch cable TV? y Do yypyou ever pay for Internet access when away from home? y Do you access your employer’s network from outside of your office? y Do you like to buy the latest gadgets?.
Recommended publications
  • Public-Key Cryptography

    Public-Key Cryptography

    Public Key Cryptography EJ Jung Basic Public Key Cryptography public key public key ? private key Alice Bob Given: Everybody knows Bob’s public key - How is this achieved in practice? Only Bob knows the corresponding private key Goals: 1. Alice wants to send a secret message to Bob 2. Bob wants to authenticate himself Requirements for Public-Key Crypto ! Key generation: computationally easy to generate a pair (public key PK, private key SK) • Computationally infeasible to determine private key PK given only public key PK ! Encryption: given plaintext M and public key PK, easy to compute ciphertext C=EPK(M) ! Decryption: given ciphertext C=EPK(M) and private key SK, easy to compute plaintext M • Infeasible to compute M from C without SK • Decrypt(SK,Encrypt(PK,M))=M Requirements for Public-Key Cryptography 1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb) 2. Easy for sender to generate ciphertext: C = EKUb (M ) 3. Easy for the receiver to decrypt ciphertect using private key: M = DKRb (C) = DKRb[EKUb (M )] Henric Johnson 4 Requirements for Public-Key Cryptography 4. Computationally infeasible to determine private key (KRb) knowing public key (KUb) 5. Computationally infeasible to recover message M, knowing KUb and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption: M = DKRb[EKUb (M )] = DKUb[EKRb (M )] Henric Johnson 5 Public-Key Cryptographic Algorithms ! RSA and Diffie-Hellman ! RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA
  • LNCS 7215, Pp

    LNCS 7215, Pp

    ACoreCalculusforProvenance Umut A. Acar1,AmalAhmed2,JamesCheney3,andRolyPerera1 1 Max Planck Institute for Software Systems umut,rolyp @mpi-sws.org { 2 Indiana} University [email protected] 3 University of Edinburgh [email protected] Abstract. Provenance is an increasing concern due to the revolution in sharing and processing scientific data on the Web and in other computer systems. It is proposed that many computer systems will need to become provenance-aware in order to provide satisfactory accountability, reproducibility,andtrustforscien- tific or other high-value data. To date, there is not a consensus concerning ap- propriate formal models or security properties for provenance. In previous work, we introduced a formal framework for provenance security and proposed formal definitions of properties called disclosure and obfuscation. This paper develops a core calculus for provenance in programming languages. Whereas previous models of provenance have focused on special-purpose languages such as workflows and database queries, we consider a higher-order, functional language with sums, products, and recursive types and functions. We explore the ramifications of using traces based on operational derivations for the purpose of comparing other forms of provenance. We design a rich class of prove- nance views over traces. Finally, we prove relationships among provenance views and develop some solutions to the disclosure and obfuscation problems. 1Introduction Provenance, or meta-information about the origin, history, or derivation of an object, is now recognized as a central challenge in establishing trust and providing security in computer systems, particularly on the Web. Essentially, provenance management in- volves instrumenting a system with detailed monitoring or logging of auditable records that help explain how results depend on inputs or other (sometimes untrustworthy) sources.
  • Public Key Cryptography And

    Public Key Cryptography And

    PublicPublic KeyKey CryptographyCryptography andand RSARSA Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/ Washington University in St. Louis CSE571S ©2011 Raj Jain 9-1 OverviewOverview 1. Public Key Encryption 2. Symmetric vs. Public-Key 3. RSA Public Key Encryption 4. RSA Key Construction 5. Optimizing Private Key Operations 6. RSA Security These slides are based partly on Lawrie Brown’s slides supplied with William Stallings’s book “Cryptography and Network Security: Principles and Practice,” 5th Ed, 2011. Washington University in St. Louis CSE571S ©2011 Raj Jain 9-2 PublicPublic KeyKey EncryptionEncryption Invented in 1975 by Diffie and Hellman at Stanford Encrypted_Message = Encrypt(Key1, Message) Message = Decrypt(Key2, Encrypted_Message) Key1 Key2 Text Ciphertext Text Keys are interchangeable: Key2 Key1 Text Ciphertext Text One key is made public while the other is kept private Sender knows only public key of the receiver Asymmetric Washington University in St. Louis CSE571S ©2011 Raj Jain 9-3 PublicPublic KeyKey EncryptionEncryption ExampleExample Rivest, Shamir, and Adleman at MIT RSA: Encrypted_Message = m3 mod 187 Message = Encrypted_Message107 mod 187 Key1 = <3,187>, Key2 = <107,187> Message = 5 Encrypted Message = 53 = 125 Message = 125107 mod 187 = 5 = 125(64+32+8+2+1) mod 187 = {(12564 mod 187)(12532 mod 187)... (1252 mod 187)(125 mod 187)} mod 187 Washington University in
  • Sabermetrics: the Past, the Present, and the Future

    Sabermetrics: the Past, the Present, and the Future

    Sabermetrics: The Past, the Present, and the Future Jim Albert February 12, 2010 Abstract This article provides an overview of sabermetrics, the science of learn- ing about baseball through objective evidence. Statistics and baseball have always had a strong kinship, as many famous players are known by their famous statistical accomplishments such as Joe Dimaggio’s 56-game hitting streak and Ted Williams’ .406 batting average in the 1941 baseball season. We give an overview of how one measures performance in batting, pitching, and fielding. In baseball, the traditional measures are batting av- erage, slugging percentage, and on-base percentage, but modern measures such as OPS (on-base percentage plus slugging percentage) are better in predicting the number of runs a team will score in a game. Pitching is a harder aspect of performance to measure, since traditional measures such as winning percentage and earned run average are confounded by the abilities of the pitcher teammates. Modern measures of pitching such as DIPS (defense independent pitching statistics) are helpful in isolating the contributions of a pitcher that do not involve his teammates. It is also challenging to measure the quality of a player’s fielding ability, since the standard measure of fielding, the fielding percentage, is not helpful in understanding the range of a player in moving towards a batted ball. New measures of fielding have been developed that are useful in measuring a player’s fielding range. Major League Baseball is measuring the game in new ways, and sabermetrics is using this new data to find better mea- sures of player performance.
  • CS 255: Intro to Cryptography 1 Introduction 2 End-To-End

    CS 255: Intro to Cryptography 1 Introduction 2 End-To-End

    Programming Assignment 2 Winter 2021 CS 255: Intro to Cryptography Prof. Dan Boneh Due Monday, March 1st, 11:59pm 1 Introduction In this assignment, you are tasked with implementing a secure and efficient end-to-end encrypted chat client using the Double Ratchet Algorithm, a popular session setup protocol that powers real- world chat systems such as Signal and WhatsApp. As an additional challenge, assume you live in a country with government surveillance. Thereby, all messages sent are required to include the session key encrypted with a fixed public key issued by the government. In your implementation, you will make use of various cryptographic primitives we have discussed in class—notably, key exchange, public key encryption, digital signatures, and authenticated encryption. Because it is ill-advised to implement your own primitives in cryptography, you should use an established library: in this case, the Stanford Javascript Crypto Library (SJCL). We will provide starter code that contains a basic template, which you will be able to fill in to satisfy the functionality and security properties described below. 2 End-to-end Encrypted Chat Client 2.1 Implementation Details Your chat client will use the Double Ratchet Algorithm to provide end-to-end encrypted commu- nications with other clients. To evaluate your messaging client, we will check that two or more instances of your implementation it can communicate with each other properly. We feel that it is best to understand the Double Ratchet Algorithm straight from the source, so we ask that you read Sections 1, 2, and 3 of Signal’s published specification here: https://signal.
  • Choosing Key Sizes for Cryptography

    Choosing Key Sizes for Cryptography

    information security technical report 15 (2010) 21e27 available at www.sciencedirect.com www.compseconline.com/publications/prodinf.htm Choosing key sizes for cryptography Alexander W. Dent Information Security Group, University Of London, Royal Holloway, UK abstract After making the decision to use public-key cryptography, an organisation still has to make many important decisions before a practical system can be implemented. One of the more difficult challenges is to decide the length of the keys which are to be used within the system: longer keys provide more security but mean that the cryptographic operation will take more time to complete. The most common solution is to take advice from information security standards. This article will investigate the methodology that is used produce these standards and their meaning for an organisation who wishes to implement public-key cryptography. ª 2010 Elsevier Ltd. All rights reserved. 1. Introduction being compromised by an attacker). It also typically means a slower scheme. Most symmetric cryptographic schemes do The power of public-key cryptography is undeniable. It is not allow the use of keys of different lengths. If a designer astounding in its simplicity and its ability to provide solutions wishes to offer a symmetric scheme which provides different to many seemingly insurmountable organisational problems. security levels depending on the key size, then the designer However, the use of public-key cryptography in practice is has to construct distinct variants of a central design which rarely as simple as the concept first appears. First one has to make use of different pre-specified key lengths.
  • Basics of Digital Signatures &

    Basics of Digital Signatures &

    > DOCUMENT SIGNING > eID VALIDATION > SIGNATURE VERIFICATION > TIMESTAMPING & ARCHIVING > APPROVAL WORKFLOW Basics of Digital Signatures & PKI This document provides a quick background to PKI-based digital signatures and an overview of how the signature creation and verification processes work. It also describes how the cryptographic keys used for creating and verifying digital signatures are managed. 1. Background to Digital Signatures Digital signatures are essentially “enciphered data” created using cryptographic algorithms. The algorithms define how the enciphered data is created for a particular document or message. Standard digital signature algorithms exist so that no one needs to create these from scratch. Digital signature algorithms were first invented in the 1970’s and are based on a type of cryptography referred to as “Public Key Cryptography”. By far the most common digital signature algorithm is RSA (named after the inventors Rivest, Shamir and Adelman in 1978), by our estimates it is used in over 80% of the digital signatures being used around the world. This algorithm has been standardised (ISO, ANSI, IETF etc.) and been extensively analysed by the cryptographic research community and you can say with confidence that it has withstood the test of time, i.e. no one has been able to find an efficient way of cracking the RSA algorithm. Another more recent algorithm is ECDSA (Elliptic Curve Digital Signature Algorithm), which is likely to become popular over time. Digital signatures are used everywhere even when we are not actually aware, example uses include: Retail payment systems like MasterCard/Visa chip and pin, High-value interbank payment systems (CHAPS, BACS, SWIFT etc), e-Passports and e-ID cards, Logging on to SSL-enabled websites or connecting with corporate VPNs.

  • Girls' Elite 2 0 2 0 - 2 1 S E a S O N by the Numbers

    GIRLS' ELITE 2 0 2 0 - 2 1 S E A S O N BY THE NUMBERS COMPARING NORMAL SEASON TO 2020-21 NORMAL 2020-21 SEASON SEASON SEASON LENGTH SEASON LENGTH 6.5 Months; Dec - Jun 6.5 Months, Split Season The 2020-21 Season will be split into two segments running from mid-September through mid-February, taking a break for the IHSA season, and then returning May through mid- June. The season length is virtually the exact same amount of time as previous years. TRAINING PROGRAM TRAINING PROGRAM 25 Weeks; 157 Hours 25 Weeks; 156 Hours The training hours for the 2020-21 season are nearly exact to last season's plan. The training hours do not include 16 additional in-house scrimmage hours on the weekends Sep-Dec. Courtney DeBolt-Slinko returns as our Technical Director. 4 new courts this season. STRENGTH PROGRAM STRENGTH PROGRAM 3 Days/Week; 72 Hours 3 Days/Week; 76 Hours Similar to the Training Time, the 2020-21 schedule will actually allow for a 4 additional hours at Oak Strength in our Sparta Science Strength & Conditioning program. These hours are in addition to the volleyball-specific Training Time. Oak Strength is expanding by 8,800 sq. ft. RECRUITING SUPPORT RECRUITING SUPPORT Full Season Enhanced Full Season In response to the recruiting challenges created by the pandemic, we are ADDING livestreaming/recording of scrimmages and scheduled in-person visits from Lauren, Mikaela or Peter. This is in addition to our normal support services throughout the season. TOURNAMENT DATES TOURNAMENT DATES 24-28 Dates; 10-12 Events TBD Dates; TBD Events We are preparing for 15 Dates/6 Events Dec-Feb.
  • Chapter 2 the Data Encryption Standard (DES)

    Chapter 2 the Data Encryption Standard (DES)

    Chapter 2 The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmet- ric or secret key cryptography and asymmetric or public key cryptography. Symmet- ric key cryptography is the oldest type whereas asymmetric cryptography is only being used publicly since the late 1970’s1. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is of concern here. It involves the use of only one key which is used for both encryption and decryption (hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed. Secret Key (K) Secret Key (K) ? ? - - - - Plaintext (P ) E{P,K} Ciphertext (C) D{C,K} Plaintext (P ) Figure 2.1: Secret key encryption. To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another whereas permutation is a reordering of the bit positions for each of the inputs. These techniques are used a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption will be computationally infeasible2 without the secret key. This is achieved with the use of S-boxes which are basically non-linear substitution tables where either the output is smaller than the input or vice versa. 1It is claimed by some that government agencies knew about asymmetric cryptography before this.
  • Basic Combinatorics

    Basic Combinatorics

    Basic Combinatorics Carl G. Wagner Department of Mathematics The University of Tennessee Knoxville, TN 37996-1300 Contents List of Figures iv List of Tables v 1 The Fibonacci Numbers From a Combinatorial Perspective 1 1.1 A Simple Counting Problem . 1 1.2 A Closed Form Expression for f(n) . 2 1.3 The Method of Generating Functions . 3 1.4 Approximation of f(n) . 4 2 Functions, Sequences, Words, and Distributions 5 2.1 Multisets and sets . 5 2.2 Functions . 6 2.3 Sequences and words . 7 2.4 Distributions . 7 2.5 The cardinality of a set . 8 2.6 The addition and multiplication rules . 9 2.7 Useful counting strategies . 11 2.8 The pigeonhole principle . 13 2.9 Functions with empty domain and/or codomain . 14 3 Subsets with Prescribed Cardinality 17 3.1 The power set of a set . 17 3.2 Binomial coefficients . 17 4 Sequences of Two Sorts of Things with Prescribed Frequency 23 4.1 A special sequence counting problem . 23 4.2 The binomial theorem . 24 4.3 Counting lattice paths in the plane . 26 5 Sequences of Integers with Prescribed Sum 28 5.1 Urn problems with indistinguishable balls . 28 5.2 The family of all compositions of n . 30 5.3 Upper bounds on the terms of sequences with prescribed sum . 31 i CONTENTS 6 Sequences of k Sorts of Things with Prescribed Frequency 33 6.1 Trinomial Coefficients . 33 6.2 The trinomial theorem . 35 6.3 Multinomial coefficients and the multinomial theorem . 37 7 Combinatorics and Probability 39 7.1 The Multinomial Distribution .
  • Fracking by the Numbers

    Fracking by the Numbers

    Fracking by the Numbers The Damage to Our Water, Land and Climate from a Decade of Dirty Drilling Fracking by the Numbers The Damage to Our Water, Land and Climate from a Decade of Dirty Drilling Written by: Elizabeth Ridlington and Kim Norman Frontier Group Rachel Richardson Environment America Research & Policy Center April 2016 Acknowledgments Environment America Research & Policy Center sincerely thanks Amy Mall, Senior Policy Analyst, Land & Wildlife Program, Natural Resources Defense Council; Courtney Bernhardt, Senior Research Analyst, Environmental Integrity Project; and Professor Anthony Ingraffea of Cornell University for their review of drafts of this document, as well as their insights and suggestions. Frontier Group interns Dana Bradley and Danielle Elefritz provided valuable research assistance. Our appreciation goes to Jeff Inglis for data assistance. Thanks also to Tony Dutzik and Gideon Weissman of Frontier Group for editorial help. We also are grateful to the many state agency staff who answered our numerous questions and requests for data. Many of them are listed by name in the methodology. The authors bear responsibility for any factual errors. The recommendations are those of Environment America Research & Policy Center. The views expressed in this report are those of the authors and do not necessarily reflect the views of our funders or those who provided review. 2016 Environment America Research & Policy Center. Some Rights Reserved. This work is licensed under a Creative Commons Attribution Non-Commercial No Derivatives 3.0 Unported License. To view the terms of this license, visit creativecommons.org/licenses/by-nc-nd/3.0. Environment America Research & Policy Center is a 501(c)(3) organization.
  • Selecting Cryptographic Key Sizes

    Selecting Cryptographic Key Sizes

    J. Cryptology (2001) 14: 255–293 DOI: 10.1007/s00145-001-0009-4 © 2001 International Association for Cryptologic Research Selecting Cryptographic Key Sizes Arjen K. Lenstra Citibank, N.A., 1 North Gate Road, Mendham, NJ 07945-3104, U.S.A. [email protected] and Technische Universiteit Eindhoven Eric R. Verheul PricewaterhouseCoopers, GRMS Crypto Group, Goudsbloemstraat 14, 5644 KE Eindhoven, The Netherlands eric.verheul@[nl.pwcglobal.com, pobox.com] Communicated by Andrew Odlyzko Received September 1999 and revised February 2001 Online publication 14 August 2001 Abstract. In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm-based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems. Key words. Symmetric key length, Public key length, RSA, ElGamal, Elliptic curve cryptography, Moore’s law. 1. Introduction 1.1. The Purpose of This Paper Cryptography is one of the most important tools that enable e-commerce because cryp- tography makes it possible to protect electronic information. The effectiveness of this protection depends on a variety of mostly unrelated issues such as cryptographic key size, protocol design, and password selection. Each of these issues is equally important: if a key is too small, or if a protocol is badly designed or incorrectly used, or if a pass- word is poorly selected or protected, then the protection fails and improper access can be gained. In this article we give some guidelines for the determination of cryptographic key sizes.