Hi, We are using OpenSSL DH for key establishment in our product. Recently we increased the size of P parameter to 2048 bits from 640 bits (we use g parameter of value 5), which is in accordance with the latest NIST standard document. Using the established shared secret, we are deriving 4 sub keys of size 128, 192 and 256 for symmetric key encryption using AES.
" NIST Special Publication 800-131a: "Recommendation for the Transitioning of Cryptographic Algorithms and Key Lengths", published by the U.S. Department of Commerce. - For DH and MQV schemes using finite fields: ?The use of |p| = 2048 bits, and |q| = 224 or 256 bits is acceptable? (pages 8 and 9). " But due to the above change the time of key establishment has increased by 20-30 times. With 640 bit P parameter, key establishment was taking around 3.5 ms, but with 2048 bit, key establishment is taking around 85.5 ms. After going through the OpenSSL implementation of DH, we figured that the issue is with the size of priavte key. By default OpenSSL DH generates the private key with size same as the size of P parameter, so in our case private key size is 2048 bits. When we set the DH->priv_key to a 256 bit random number before calling DH_generate_key(), the key establishment is taking only 11.9 ms, which is quite better than what we see with a 2048 bit private key. Can you please let us know the acceptable sizes of private key for 2048 bit P parameter? Are there any standards/specifications for the private key sizes? Thank You Ram Prasad
