Key size


Key size in Cryptography or key length is the number of bits in a key used by a Cryptographic Primitive (such as a cipher or Hash Function).

Key size defines the upper-bound on an algorithm's security (i.e., a logarithmic measure of the fastest known attack against an algorithm, relative to the Key size), since the security of all algorithms can be violated by Brute-Force attacks.

Ideally, Key size would coincide with the lower-bound on an algorithm's security. Indeed, most Symmetric Key algorithms are designed to have security equal to their key length.

However, after design, a new attack might be discovered. For instance, Triple DES was designed to have a 168 bit Key size, but an attack of complexity 2112 is now known (i.e., Triple DES has 112 bits of security). Nevertheless, as long as the relation between Key size and security is sufficient for a particular application, then it doesn't matter if Key size and security coincide. This is important for Asymmetric Key algorithms, because no such algorithm is known to satisfy this property; Elliptic Curve cryptography comes the closest with an effective security of roughly half its Key size.

Hash Function Security has some details in regards to Key size

More Information#

There might be more information for this subject on one of the following: