Key length for integer- and finite-field cryptography

David Leon Gil coruus at
Thu Aug 7 17:52:29 CEST 2014

So, NIST SP800-57, Table 3, security strength equivalents for finite-
and integer- field cryptography:

 80-bit equivalent: 1024 bits
112-bit equivalent: 2048 bits
128-bit equivalent: 3072 bits
192-bit equivalent: 7680 bits
256-bit equivalent: 15360 bits

Take-home: If you are using AES-256, you should max out your key size
in GnuPG. (It is regrettable that only some versions seem to support
strong key-sizes.)


Re requirements: NIST SP800-57 Table 4 requires that applications not
use 1024-bit keys. 112-bit security strength is required; thus
2048-bit keys are the *minimum* length in any FIPS-compliant


Here's a Stack Overflow question which explains, essentially, how
these security-strength numbers are derived:

- dlg

More information about the Gnupg-devel mailing list