Keys have limited lifetimes for a number of reasons. The most important reason is protection against cryptanalysis. Each time the key is used, it generates a number of ciphertexts. Using a key repetitively allows an attacker to build up a store of ciphertexts (and possibly plaintexts) which may prove sufficient for a successful cryptanalysis of the key value. If you suspect that an attacker may have obtained your key, the your key is considered compromised .
Research in cryptanalysis can lead to possible attacks against either the key or the algorithm. For example, RSA key lengths are increased every few years to ensure that the improved factoring algorithms do not compromise the security of messages encrypted with RSA.
Another reason for limiting the lifetime of a key is to minimize the damage from a compromised key. It is unlikely that a user will discover that his key has been compromised by an attacker if the attacker remains "passive." Relatively frequent key changes will limit any potential damage from compromised keys. Ford [For94] describes the life cycle of a key as follows:
- key generation and possibly registration for a public key
- key distribution
- key activation/deactivation
- key replacement or key update
- key revocation
- key termination, involving destruction and possibly archival
| Question 114 |