Cryptography by the Numbers

NIST Recommendations
  • Modes of operation for block ciphers approved by NIST (source, updated February 12, 2018)
    • Encryption:  6
    • Authentication:  1
    • Encryption with Authentication:  5
    • Format-Preserving Encryption:  2
  • Minimum key sizes approved by NIST (source, published January 2016)
    • AES:  128 bits
    • Diffie-Hellman:  2048 bits (617 digits)
    • RSA:  2048 bits (617 digits)
    • Digital Signature Algorithm:  2048 bits (617 digits) for public key, 224 bits (68 digits) for private key
    • Elliptic Curve Cryptography:  224 bits (68 digits)
Record-Breaking Computations
  • Record for factoring a product of two large primes of general form (source, announced December 2, 2019):

= 124620366781718784065835044608106590434820374651678805754818788883289666801188210855036039570272508747509864768438458621054865537970253930571891217684318286362846948405301614416430468066875699415246993185704183030512549594371372159029236099
= 509435952285839914555051023580843714132648382024111473186660296521821206469746700620316443478873837606252372049619334517
\times 244624208838318150567813139024002896653802092578931401452041221336558477095178155258218897735030590669041302045908071447
(“RSA-240“, 795 bits, 240 digits)

  • Record for finding a discrete logarithm modulo a prime (source, announced December 2, 2019):

p = RSA-240 + 49204 (the first safe prime above RSA-240, 795 bits, 240 digits)

  • Record for finding a discrete logarithm in a finite field (source, announced July 10, 2019):  Finite field has 230750 elements; size of the field is 30750 bits (14672 digits).
  • Record for finding a discrete logarithm on an elliptic curve of general form modulo p (source, published September 9, 2009):

p = (2128 − 3)/(11 × 6949) = 4451685225093714772084598273548427 (112 bits, 34 digits)

  • Record for finding a discrete logarithm on a “pairing-friendly” elliptic curve modulo p (source, published

p =  1957518425389075254535992784167879 (114 bits, 35 digits)

  • Record for finding the shortest vector in a randomly generated lattice (source, announced August 30, 2018):  A point in a lattice in 153 dimensions which is distance 3192 from the origin.
Quantum Computing Records
  • Largest number reported factored using Shor’s Algorithm for fast quantum computing:  21  (source, published October 21, 2012)
  • Largest number reported factored using quantum computation at any speed:  249919 (source, published December 5, 2018)
Quantum Cryptography Records
  • Fastest quantum key agreement systems:
    • Medium-distance:  1.02 Mbit/s over 20 km of optical fiber (source, published October 30, 2008)
    • Long-distance:  12.7 kbit/s over 307 km of optical fiber (source, published
  • Longest quantum key agreement systems:
    • Fiber-optic:  404 km (source, published
    • Ground-to-ground: 144 km (source, published January 5, 2007)
    • Air-to-ground: 20 km (source, published
    • Ground-to-air:  10 km (source, published June 6, 2017)
    • Satellite-to-ground:  1200 km (source, published September 7, 2017)
Post-Quantum Cryptography
  • Submissions to the NIST Post-Quantum Cryptography Standardization process (source, presented April 11, 2018)
    • Submissions received by NIST:  82
    • Submissions meeting minimum specified requirements:  69
    • Submissions still in contention as of the First PQC Standardization Conference:  64
    • Submitters involved: 278, from “25 Countries, 16 States, 6 Continents”
  • Submissions surviving to Round 2 of the NIST Post-Quantum Cryptography Standardization process (source, announced January 20, 2019)
    • Public-key encryption and key-establishment algorithm: 17
    • Digital signature algorithms: 9
    • 2nd NIST PQC Standardization Workshop:  August 22-24, 2019
  • Select algorithms or start a 3rd Round:  2020/2021
  • Draft standards available:  2022-2024
Lightweight Cryptography
  • Submissions to the NIST Lightweight Cryptography Standardization process (source, updated April 19, 2019)
    • Submissions received by NIST:  57
    • Submissions meeting minimum specified requirements:  56
  • Submissions surviving to Round 2 of the NIST Lightweight Cryptography Standardization process (source, announced August 30, 2019)
    • Round 2 candidate submissions:  32
    • 3rd NIST Lightweight Cryptography Workshop:  November 4-6, 2019
  • Select algorithms or start a 3rd Round:  August/September 2020