What should the size of the private exponents in Diffie-Hellman key exchange for TLS be?

Question

I'm using TLS with a Diffie-Hellman key exchange to negotiate the symmetric keys. How long should the exponents be?

score 0 · Answer 1 · edited Jun 26 '13 at 19:43

0

Diffie-Hellman exponents need at a size at least twice the security level.

So for elliptic curve DH you need the same size as the underlying field. For example 256 bits for P-256.

For finite-field DH you still need twice the security level as exponent, but significantly larger fields. For example for an 80 bit level you need 160 bit exponents and a ~1024 bit field.

edited Jun 26 '13 at 19:43

Paŭlo Ebermann

22,946
7
82
119

answered Jun 26 '13 at 15:49

CodesInChaos

25,121
2
90
129

What should the size of the private exponents in Diffie-Hellman key exchange for TLS be?

1 Answers1