Security level best practice

1. Security bits meaning

  • A “security level of X bits” means that breaking the scheme requires about \(2^X\) operations.
  • Example: 128-bit security means brute force would take \(2^{128}\) steps.

2. Current recommended levels (as of 2025)

From NIST, ENISA, and other standards bodies:

  • Symmetric crypto (AES, SHA-2, SHA-3):
      – 128-bit security is the minimum that is safe for general use.
      – 192/256-bit security is used when long-term or high-sensitivity protection is needed.

  • Public key crypto (RSA, ECC):
      – RSA must be very large to reach the same security:
          · 2048-bit RSA ≈ 112-bit security (minimum acceptable).
          · 3072-bit RSA ≈ 128-bit security (recommended today).
          · 4096-bit RSA ≈ 152-bit security (future-proof).
      – ECC (elliptic curves, e.g. P-256, Curve25519):
          · 256-bit curves ≈ 128-bit security.
          · 384-bit curves ≈ 192-bit security.
          · 521-bit curves ≈ 256-bit security.
      – Most production systems use 128-bit ECC security (P-256 or Curve25519).

  • Hash functions:
      – SHA-256 → 128-bit collision security, 256-bit preimage security.
      – SHA-3 variants are aligned similarly.


3. Recommended in practice (production systems today)

  • Symmetric: AES-128 or AES-256
  • ECC: Curve25519 or P-256 (128-bit security)
  • RSA: at least 3072 bits (to align with 128-bit security)
  • Hashes: SHA-256 (standard), SHA-3-256 (for new designs)

Post-quantum cryptography (PQC)

1. Why PQC matters

A large quantum computer running Shor’s algorithm could break RSA, DSA, and ECC.

Grover’s algorithm weakens symmetric crypto and hash functions, but only by about a square root (so against a quantum attacker AES-256 offers roughly the security that AES-128 offers today).
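The figures above can be checked mechanically. The following added example (not from the original page) estimates RSA strength with the number-field-sieve formula from NIST FIPS 140-2 Implementation Guidance 7.5, rates a suite by its weakest primitive, and applies the Shor and Grover effects described in this section. The deployment names, the rounding to a multiple of 8 and all function names are assumptions of this example.

```python
import math

LN2 = math.log(2)

def rsa_raw_bits(modulus_bits):
    """Unrounded GNFS work-factor estimate (formula from NIST FIPS 140-2 IG 7.5)."""
    l = modulus_bits * LN2
    return (1.923 * l ** (1 / 3) * math.log(l) ** (2 / 3) - 4.69) / LN2

def level(kind, size, quantum=False):
    """Security level in bits of one primitive; quantum=True applies Shor/Grover."""
    if kind in ("rsa", "ecc"):
        if quantum:
            return 0  # Shor's algorithm breaks both outright
        if kind == "rsa":
            # Assumption: round to the nearest multiple of 8, which
            # reproduces the 112 / 128 / 152 figures quoted above.
            return int((rsa_raw_bits(size) + 4) // 8) * 8
        return min(size // 2, 256)  # generic attacks cost ~2^(n/2); P-521 is rated 256
    if kind == "aes":
        return size // 2 if quantum else size  # Grover: square-root speedup
    if kind == "hash":
        # Classical collision bound is n/2; Grover preimage search is also ~n/2.
        return size // 2
    raise ValueError(f"unknown primitive kind: {kind}")

def suite_level(suite, quantum=False):
    """A suite is only as strong as its weakest primitive."""
    return min(level(kind, size, quantum) for kind, size in suite)

def audit(deployments, target=128):
    """Return {name: classical level} for every deployment below the target."""
    levels = {name: suite_level(suite) for name, suite in deployments.items()}
    return {name: bits for name, bits in levels.items() if bits < target}

# Constructed sample inventory (hypothetical deployment names).
DEPLOYMENTS = {
    "legacy-vpn": [("rsa", 2048), ("aes", 256), ("hash", 256)],
    "web-tls": [("ecc", 256), ("aes", 128), ("hash", 256)],
    "archive": [("rsa", 4096), ("aes", 256), ("hash", 384)],
}

if __name__ == "__main__":
    for bits in (2048, 3072, 4096):
        print(bits, round(rsa_raw_bits(bits), 1), level("rsa", bits))
    print("below 128-bit:", audit(DEPLOYMENTS))
    print("archive vs quantum:", suite_level(DEPLOYMENTS["archive"], quantum=True))
```

The raw estimates (about 110, 132 and 150 bits) show why the RSA figures are approximate, and the quantum result for the 4096-bit RSA suite shows that a larger modulus does not help against Shor's algorithm.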

2. NIST PQC standardization (as of 2025)

NIST has already selected first-generation post-quantum algorithms:

  • Key Encapsulation Mechanism (KEM):
      – CRYSTALS-Kyber (standardized as ML-KEM)
          · Kyber-512 → ~128-bit security
          · Kyber-768 → ~192-bit security
          · Kyber-1024 → ~256-bit security

  • Digital Signatures:
      – CRYSTALS-Dilithium (standardized as ML-DSA)
      – FALCON (for smaller signatures)
      – SPHINCS+ (hash-based, very conservative, but large signatures)

3. Recommended PQC security levels

NIST aligns PQC parameters with the same bit-security categories as today’s symmetric cryptography:

Category 1 → 128-bit security

Category 3 → 192-bit security

Category 5 → 256-bit security

For most production uses, Category 1 (128-bit security) is recommended. Higher levels are for long-term/high-sensitivity use.


4. In practice today (2025)

  • Most companies are beginning hybrid deployments (e.g. TLS using X25519 + Kyber).
  • Governments and high-security industries are testing Category 3 (Kyber-768, Dilithium-3) for long-term data protection.
