[Cfrg] Parameter sizes (was: Cryptographic meta-principles)

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 23 May 2012 16:00 UTC

On May 23, 2012, at 7:30 AM, Igoe, Kevin M. wrote:

> 5. Moore’s Law continually decreases an adversary’s cost to attack a system, so we must assume that eventually all parameter sizes will need to be readjusted.

This statement assumes that there are always parameter sizes, which is incorrect. SHA2-256 does not have a parameter to make its strength 300 bits; AES-128 does not have a parameter to make its strength 150 bits; and so on.

This is not just a pedantic discussion. For many cryptographic functions, you cannot make them stronger by changing parameters: you have to change algorithms. The operational cost of this is much higher than the cost of telling an administrator to change a configuration setting and then verifying that the setting was changed.

--Paul Hoffman