Quiz Entry - updated: 2026.07.14
How do equivalent cryptographic key sizes compare across symmetric, RSA/DH, and ECC?
128-bit symmetric ≈ 3072-bit RSA/DH ≈ 256-bit ECC. The ratio is roughly Sym:RSA = 1:24 and Sym:ECC = 1:2, showing ECC's dramatic efficiency advantage.
* ECC grows about linearly with symmetric strength while RSA/DH balloons. *
Equivalent key size table (without quantum computers):
| Symmetric (bits) | RSA/DH $n$ (bits) | ECC $p$ (bits) | Sym:RSA | Sym:ECC |
|---|---|---|---|---|
| 56 | 512 | 112 | 1:9 | 1:2 |
| 80 | 1024 | 160 | 1:13 | 1:2 |
| 112 | 2048 | 224 | 1:18 | 1:2 |
| 128 | 3072 | 256 | 1:24 | 1:2 |
| 192 | 7680 | 384 | 1:40 | 1:2 |
| 256 | 15,360 | 512 | 1:60 | 1:2 |
Key observations:
- The Sym:ECC ratio stays constant at about 1:2 — ECC scales linearly
- The Sym:RSA ratio keeps growing — RSA key sizes explode as security increases
- For 256-bit symmetric equivalent: RSA would need 15,360-bit keys (impractical), while ECC needs only 512 bits
Recommendation: Experts strongly recommend moving to ECC, noting that increasing RSA beyond 3072 bits becomes "difficult to justify."
Important note: DH discrete log records trail RSA factoring records by a few years — when RSA of size $n$ bits is broken, DH with the same $n$ bits is broken shortly after.
Go deeper:
Key size — Wikipedia — equivalent-strength tables across symmetric, RSA/DH and ECC.
Keylength.com — key-length recommendations — compares NIST/BSI/ECRYPT sizes side by side.