Cryptography by the Numbers

NIST Recommendations
  • Modes of operation for block ciphers approved by NIST (source, updated February 12, 2018)
    • Encryption:  6
    • Authentication:  1
    • Encryption with Authentication:  5
    • Format-Preserving Encryption:  2
  • Minimum key sizes approved by NIST (source, published January 2016)
    • AES:  128 bits
    • Diffie-Hellman:  2048 bits (617 digits)
    • RSA:  2048 bits (617 digits)
    • Digital Signature Algorithm:  2048 bits (617 digits) for public key, 224 bits (68 digits) for private key
    • Elliptic Curve Cryptography:  224 bits (68 digits)
Record-Breaking Computations
  • Record for factoring a product of two large primes of general form (source, announced February 28, 2020):

= 2140324650240744961264423072839333563008614715144755017797754920881418023447140136643345519095804679610992851872470914587687396261921557363047454770520805119056493106687691590019759405693457452230589325976697471681738069364894699871578494975937497937
= 64135289477071580278790190170577389084825014742943447208116859632024532344630238623598752668347708737661925585694639798853367
×
33372027594978156556226010605355114227940760344767554666784520987023841729210037080257448673296881877565718986258036932062711
(“RSA-250“, 829 bits, 250 digits)

  • Record for finding a discrete logarithm modulo a prime (source, announced December 2, 2019):

p = RSA-240 + 49204 (the first safe prime above “RSA-240“, 795 bits, 240 digits)

774356626343973985966622216006087686926705588649958206166317147722421706101723470351970238538755049093424997
≡ 592603135928144195363094955331732855502961099191437611616729420475898744562365366788100548099072093487548258752802923326447367244150096121629264809207598195062213366889859186681126928982506005127728321426751244111412371767375547225045851716
(mod p)

  • Record for finding a discrete logarithm in a finite field (source, announced July 10, 2019):  Finite field has 230750 elements; size of the field is 30750 bits (14672 digits).
    The finite field was obtained by taking polynomials in two variables, x and t, and reducing them modulo t30 t + 1, modulo x1025 x + t3, and modulo 2.The challenge was to take the logarithm of\displaystyle \sum_{i=0}^{30749} \left( \lfloor \pi \cdot 2^{i+1} \rfloor \bmod{2} \right) \cdot t^{29 - (i \bmod{30})} \cdot x^{\lfloor i / 30 \rfloor}with respect to the generator g  =  x + t9 .
  • Record for finding a discrete logarithm on an elliptic curve of general form modulo p (source, announced June 16, 2020):

p = 2256 – 232 – 29 – 28 – 27 – 26 – 24 – 1 = 115792089237316195423570985008687907853269984665640564039457584007908834671663

A ≡ 31464123230573852164273674364426950 (mod p)

The logarithm was from the 100 BTC Bitcoin Challenge and was specified to have at most 115 bits (35 digits).

  • Record for finding the shortest vector in a randomly generated lattice (source, announced February 8, 2021):  A point in a lattice in 180 dimensions which is distance 3509 from the origin.
  • Record for solving the Learning With Errors problem in the highest dimension (source, announced June 12, 2022):  A point in a lattice in 90 dimensions with a relative error size of 0.005.
  • Record for solving the Learning With Errors problem with the largest relative error (source, announced March 6, 2022):  A point in a lattice in 40 dimensions with a relative error size of 0.035.
  • Record for solving the syndrome decoding problem (as used in Classic McEliece) with the longest length solution (source, announced February 26, 2023):  A string of 1347 bits, 25 of which had value 1.
  • Record for recovering a McEliece (with Goppa code) secret key from a public key (source, announced May 30, 2024):   Public key is a matrix with 40 rows and 253 columns.
  • Record for recovering a McEliece (with Goppa code) plaintext from a public key and a ciphertext (source, announced May 30, 2024):   Public key is a matrix with 230 rows and 988 columns.
  • Record for solving the quasi-cyclic syndrome decoding problem (as used in BIKE) with the longest length solution (source, announced April 18, 2022):  A string of 3138 bits, 56 of which had value 1.
  • Record for breaking reduced-size Kyber with the largest secret key size (source, announced August 3, 2023): A 1536-bit secret key.
Quantum Computing Records
  • Largest number reported factored using Shor’s Algorithm for fast quantum computing:  21  (source, published October 21, 2012)
  • Largest number reported factored using quantum computation at any speed:  249919 (source, published December 5, 2018)
Quantum Cryptography Records
  • Fastest quantum key agreement systems:
    • Medium-distance:  1.02 Mbit/s over 20 km of optical fiber (source, published October 30, 2008)
    • Long-distance:  12.7 kbit/s over 307 km of optical fiber (source, published February 9, 2015)
  • Longest quantum key agreement systems:
    • Fiber-optic:  404 km (source, published November 2, 2016)
    • Ground-to-ground: 144 km (source, published January 5, 2007)
    • Air-to-ground: 20 km (source, published March 31, 2013)
    • Ground-to-air:  10 km (source, published June 6, 2017)
    • Satellite-to-ground:  1200 km (source, published September 7, 2017)
Post-Quantum Cryptography
  • Submissions to the NIST Post-Quantum Cryptography Standardization process (source, presented April 11, 2018)
    • Submissions received by NIST:  82
    • Submissions meeting minimum specified requirements:  69
    • Submissions still in contention as of the First PQC Standardization Conference:  64
    • Submitters involved: 278, from “25 Countries, 16 States, 6 Continents”
  • Submissions selected for standardization after Round 3 (source, announced July 5, 2022)
    • CRYSTALS-KYBER (key-establishment for most use cases)
    • CRYSTALS-Dilithium (digital signatures for most use cases)
    • FALCON (digital signatures for use cases requiring smaller signatures)
    • SPHINCS+ (digital signatures not relying on the security of lattices)
  • Public-key encryption and key-establishment algorithms deferred to Round 4 of the NIST Post-Quantum Cryptography Standardization process:  BIKE, Classic McEliece, HQC, SIKE
  • 4th NIST PQC Standardization Conference:  November 29-December 1, 2022
  • Draft standards for KYBER, Dilithium, and SPINCS+ available for public comment:  August 24, 2023
  • FALCON draft standard available for public comment:  2024
  • Submissions to the New Call for Proposals: Digital Signature Algorithms with Short Signatures and Fast Verification (source, announced June 9, 2023)
    • Submissions received by NIST:  50
    • Submitters involved: 262, from “5 continents and 28 countries”
    • Submissions meeting minimum specified requirements:  40 (source, announced July 17, 2023)
    • Number of submissions reported insecure in the first 30 hours:  7 (sources)
  • Fifth PQC standardization conference: April 10-12, 2024.
Lightweight Cryptography
  • Submissions to the NIST Lightweight Cryptography Standardization process (source, updated April 19, 2019)
    • Submissions received by NIST:  57
    • Submissions meeting minimum specified requirements:  56
  • Submissions surviving to Round 2 of the NIST Lightweight Cryptography Standardization process (source, announced August 30, 2019)
    • Round 2 candidate submissions:  32
    • 3rd NIST Lightweight Cryptography Workshop:  November 4-6, 2019
    • 4th NIST Lightweight Cryptography Workshop (virtual):  October 19-21, 2020
  • Submissions surviving to Round 3 of the NIST Lightweight Cryptography Standardization process (source, announced March 29, 2021)
    • Round 3 candidate submissions:  10  (ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak)
    • 5th NIST Lightweight Cryptography Workshop (virtual):  May 9-11, 2022
  • NIST selects Ascon as the family of algorithms for the new Lightweight Cryptography Standard! (source, announced February 7, 2023)
    • Unofficial brief description of Ascon
    • 6th NIST Lightweight Cryptography Workshop (virtual):  June 21-22, 2023
    • Draft standards available for public comment:  2023