National Institute of Standards and Technology releases a draft on the use of Cryptographic Algorithms and Key Lengths
October 22, 2024
The National Institute of Standards and Technology (“NIST”) has released a public draft of guidance for the use of cryptography and for transitioning to stronger cryptographic keys and algorithms.
The abstract provides:
NIST provides cryptographic key management guidance for defining and implementing appropriate key-management procedures, using algorithms that adequately protect sensitive information, and planning for possible changes in the use of cryptography because of algorithm breaks or the availability of more powerful computing techniques. This publication provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms.
Interesting points made:
- The use of algorithms and key lengths/strengths for which the terms deprecated and legacy use are listed involves some risk that increases over time. For example, a signature purportedly created while the algorithm was deemed acceptable may be verified after the algorithm has been declared allowed only for legacy use, yet the actual time at which the signature was generated cannot be verified.
- If the risk is unacceptable for a given application, then the algorithm or key length/strength is considered disallowed for that application.
- Large-scale quantum computers will threaten the security of public-key algorithms; in particular:
  - NIST-approved digital signature schemes,
  - key agreements using Diffie-Hellman and MQV, and key agreements and key transport using RSA will need to be replaced with secure quantum-resistant counterparts.
- Encryption and decryption using block cipher algorithms require the use of modes of operation to perform successive encryption or decryption processes on data, which in turn require multiple calls to the primitive algorithm.
- Digital signatures provide assurance of origin authentication and data integrity. These assurances can be extended to provide assurance that the signatory cannot effectively deny signing a document, which is commonly known as non-repudiation.
- The security strength provided by a digital signature generation process is no greater than the minimum of 1) the security strength that the digital signature algorithm can support with a given parameter set (including the length of the key) and 2) the security strength supported by the cryptographic hash method.
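The two points above on transition status (deprecated / legacy use / disallowed) and on the effective strength of a signature being the minimum of its algorithm and hash strengths can be turned into a small policy check. The following is an added example written for this post, not code from NIST or from the draft. The security-strength figures follow NIST SP 800-57 Part 1 (RSA-2048 at 112 bits, RSA-3072 and P-256 at 128, SHA-256 at 128, SHA-1 below 80); the transition dates in the tables are a constructed sample policy, not NIST's actual schedule, and `minimum_bits` is a hypothetical per-application requirement.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import List, Optional


class Status(Enum):
    # Ordered from least to most restrictive; the value is used to combine statuses.
    ACCEPTABLE = 0
    DEPRECATED = 1   # still usable, but carries a risk that grows over time
    LEGACY_USE = 2   # only for processing already-protected data, e.g. verifying old signatures
    DISALLOWED = 3


@dataclass(frozen=True)
class Primitive:
    """Security strength and transition dates for one algorithm or hash.

    strength_bits follow NIST SP 800-57 Part 1; the dates are a CONSTRUCTED
    sample transition policy, not NIST's actual schedule.
    """
    strength_bits: int
    deprecated_from: Optional[date] = None
    legacy_from: Optional[date] = None


SIGNATURE_ALGS = {
    "RSA-1024": Primitive(80, date(2011, 1, 1), date(2014, 1, 1)),
    "RSA-2048": Primitive(112, date(2031, 1, 1)),
    "RSA-3072": Primitive(128),
    "ECDSA-P256": Primitive(128),
}

HASHES = {
    # SP 800-57 lists SHA-1 collision resistance as "< 80"; 80 is used here as an upper bound.
    "SHA-1": Primitive(80, date(2011, 1, 1), date(2014, 1, 1)),
    "SHA-224": Primitive(112),
    "SHA-256": Primitive(128),
}


def status_at(p: Primitive, when: date) -> Status:
    """Status of a primitive on a given date under the sample policy."""
    if p.legacy_from is not None and when >= p.legacy_from:
        return Status.LEGACY_USE
    if p.deprecated_from is not None and when >= p.deprecated_from:
        return Status.DEPRECATED
    return Status.ACCEPTABLE


def signature_strength(alg: str, hash_name: str) -> int:
    """Effective strength of a signature = min(algorithm/key strength, hash strength)."""
    return min(SIGNATURE_ALGS[alg].strength_bits, HASHES[hash_name].strength_bits)


@dataclass
class Assessment:
    status: Status
    strength_bits: int
    notes: List[str] = field(default_factory=list)


def assess_verification(alg: str, hash_name: str, verify_date: date,
                        minimum_bits: int = 112) -> Assessment:
    """Evaluate verifying a signature made with (alg, hash_name) on verify_date.

    minimum_bits is the strength the application requires (hypothetical);
    below it the combination is disallowed for that application.
    """
    strength = signature_strength(alg, hash_name)
    # The combination is only as current as its most restricted component.
    status = max(status_at(SIGNATURE_ALGS[alg], verify_date),
                 status_at(HASHES[hash_name], verify_date),
                 key=lambda s: s.value)
    notes: List[str] = []
    if strength < minimum_bits:
        status = Status.DISALLOWED
        notes.append(f"effective strength {strength} bits is below the required {minimum_bits}")
    if status is Status.LEGACY_USE:
        notes.append("signature may predate the transition, but the signature itself does not "
                     "prove when it was generated; require external evidence of signing time")
    elif status is Status.DEPRECATED:
        notes.append("risk increases over time; plan migration to an acceptable algorithm")
    return Assessment(status, strength, notes)


if __name__ == "__main__":
    for alg, h, when in [("RSA-2048", "SHA-256", date(2025, 1, 1)),
                         ("RSA-3072", "SHA-224", date(2025, 1, 1)),
                         ("RSA-1024", "SHA-1", date(2012, 6, 1)),
                         ("RSA-2048", "SHA-1", date(2025, 1, 1))]:
        a = assess_verification(alg, h, when)
        print(f"{alg}/{h} on {when}: {a.status.name}, {a.strength_bits} bits; {'; '.join(a.notes)}")
```

The RSA-3072 with SHA-224 case shows the minimum rule in action: the key supports 128 bits but the hash caps the signature at 112. The SHA-1 cases show why the legacy-use note matters: once a hash is past its transition date, a verifier cannot tell from the signature alone whether it was produced before or after that date.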