≤ 56 symmetric, ≤ 512 asymmetric, and ≤ 112 bit elliptic curve

Category 5 Part 2 includes certain key length thresholds for cryptography. Specifically, 5A002.a says “in excess of 56 bits of symmetric key length, or equivalent”. This term is further defined in Technical Note 1 under 5A002.a and it means the following:

A “symmetric algorithm” employing a key length in excess of 56-bits is controlled in Category 5, Part 2. Therefore, items with a key length of 56 bits or less are not in 5A002.a.  Note that parity bits do not count towards the key length. Symmetric algorithms use an identical key for both encryption and decryption.

Asymmetric algorithms use different, mathematically related keys for encryption and decryption.
An “Asymmetric algorithm” is controlled in Category 5 Part 2 if the security of the algorithm is based on any of the following:

-          Factorisation of integers in excess of 512 bits (e.g., RSA);

-          Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ); or

-          Discrete logarithms in a group other than mentioned in paragraph b.2. in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).

Therefore, items with a key length ≤ 56 symmetric, ≤ 512 asymmetric, and ≤ 112 bit elliptic curve are not classified in 5A002.a. In that case, you should review other entries in Category 5 Part 2 and other Categories on the CCL (e.g., Cat. 4 or Cat. 5, Part 1).  If it is not described in any other Category then it can be classified as EAR99.




© BIS 2020