Longer keys are more difficult to crack. Most symmetric keys today are 100 to 300 bits long. Why don’t systems use far longer symmetric keys—say, 1,000 bit keys?
Yangyuan Lin says
Symmetric keys are to encrypt a single key; a very long key will have higher security, because there may be more combinations of keys. However, this requires high processing power and system resources of the computer if very long keys are used. Longer symmetric keys require higher processing power and larger RAM. Therefore, keys 100 to 300 bits long can meet security requirements and reduce resource requirements to a lower level.
Elizabeth Gutierrez says
Symmetric key encryption involves encryption and decryption of the original text between two parties by using a single key, which is shared only among the parties involved. It offers a high level of security and confidentiality to the data. It is also very fast and involves very minimal processing capacity and system resources. The reason systems do not use longer symmetric keys is that 1,000-bit keys would take way more processing power and RAM to operate. On the other hand, most symmetric keys today are 100 to 300 bits long, which is doable because at present that length is still considered strong.
Shubham Patil says
Though larger keys can be created, doing so increases the computational burden, cost and time. 100-300 bit encryption is considered more than enough to protect against brute force attacks as per the current computing power. To put it into perspective, it would take an average computer more than 14 billion years to crack a 2048-bit key.
Yangyuan Lin says
Hi Shubham,
I think we have the same idea. Although a longer key provides more reliable encryption, the longer the key length, the higher the demand for resources. The key length will also change the processing speed and strength required by the arithmetic algorithm for data conversion and encryption.
Oluwaseun Soyomokun says
To be precise, AES is the Advanced Encryption Standard as defined by NIST. It uses key sizes of 128, 192 and 256 bits and a single block size of 128 bits. However, a symmetric session key is not defined for key sizes larger than 300 bits, so larger keys, such as 1000-bit keys, are not likely to ever exist, considering the quantum computer required for encryption and decryption with an algorithm of such length; you would have to change the algorithm significantly.
There certainly have been ciphers that allow for a greater key / block size. Usually those that are used within e.g. cryptographic hashes, as that’s one place where larger keys / block sizes do make sense. AES 100 – 300 still has a strength of at least 128 bits of security when Grover’s attack is used on a sufficiently large Quantum Computer. It is infeasible to break 128 bits of security; brute force would certainly be out of the question. The only thing that can break AES is a new / unknown attack that significantly reduces the strength below those 128 bits.
As it is, a larger block size is probably of more interest than a larger key size. AES-CTR (counter mode) is used a lot and the 128 bit block size can be a problem when there is a chance of the counter / the block input repeating itself.
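The block-input repetition mentioned above, as an added example that is not part of the original post. It assumes a counter block made of a 96-bit nonce plus a 32-bit counter, and uses truncated HMAC-SHA256 as a stand-in for the AES block function, since only the "same input gives same keystream" property matters here; all keys, nonces and messages are constructed.

```python
import hashlib
import hmac
import math

BLOCK = 16  # 128-bit block, as in AES

def block_prf(key: bytes, block_input: bytes) -> bytes:
    # Stand-in for AES on one counter block (assumption, not real AES):
    # HMAC-SHA256 truncated to 16 bytes. Same input always gives same output.
    return hmac.new(key, block_input, hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: bytes, data: bytes, start: int = 0) -> bytes:
    # Counter block = 12-byte nonce || 32-bit big-endian counter (wraps at 2**32).
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ctr = (start + i // BLOCK) % 2**32
        ks = block_prf(key, nonce + ctr.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def nonce_collision_probability(messages: int, nonce_bits: int = 96) -> float:
    # Birthday approximation for random nonces: p ~= 1 - exp(-n(n-1) / 2^(bits+1)).
    return -math.expm1(-messages * (messages - 1) / 2 ** (nonce_bits + 1))

def demo():
    key = bytes(range(32))                  # constructed 256-bit key
    nonce = b"\x00" * 12                    # constructed nonce, reused on purpose
    p1 = b"transfer 100 to account A"       # constructed plaintexts
    p2 = b"transfer 999 to account B"
    c1 = ctr_xor(key, nonce, p1)
    c2 = ctr_xor(key, nonce, p2)            # same counter blocks, same keystream
    leaked = xor(c1, c2) == xor(p1, p2)     # key length does not help here
    c3 = ctr_xor(key, b"\x01" + b"\x00" * 11, p2)   # fresh nonce
    safe = xor(c1, c3) != xor(p1, p2)
    return leaked, safe

if __name__ == "__main__":
    print("repeat leaks p1^p2, fresh nonce does not:", demo())
    for n in (2**32, 2**48):
        print(f"{n} random 96-bit nonces -> collision p = "
              f"{nonce_collision_probability(n):.3g}")
```

With a repeated counter block the two ciphertexts XOR to the XOR of the plaintexts regardless of whether the key is 128 or 256 bits, which is why nonce and counter management matters more than extra key length in this mode.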
Elizabeth Gutierrez says
Hi Oluwaseun,
Your mention of quantum computers made me think of how the brute-forcing process is further enhanced by the mechanics / processors the system uses. I think it is quite worrisome that even with a long or complex key, the key can be used in a matter of hours as a result of brute force. Even with long keys (130 bits for example), the process of brute force is less challenging since decryption can be performed in a matter of minutes when using the processing speed of quantum computers.
Shubham Patil says
Oluwaseun,
With the right quantum computer, AES-128 would take about 2.61*10^12 years to crack, while AES-256 would take 2.29*10^32 years. For reference, the universe is currently about 1.38×10^10 years old, so cracking AES-128 with a quantum computer would take about 200 times longer than the universe has existed.
Oluwaseun Soyomokun says
Shubham,
AES 128 and AES 256 are the chosen ciphers of this modern-day technology. Let’s look at an unrealistic scenario – perhaps if we could somehow put every PC on earth to work, trying to crack data that was encrypted using AES 256. It’s estimated that there are currently 2.5 billion PCs on earth, of varying ages and computing power. Let’s assume that each of those 2.5 billion is as fast as our Intel i7 and MacBook Pro. (Of course, in reality most computers will be slower and some will be faster, but we’re talking averages here.) The average time taken for all PCs on earth, working together, to brute force crack AES-256 is: 13,668,946,519,203,305,597,215,004,987,461,470,161,805,533,714,878,481 years
Still impossible. But to write that as a number, it’s: 13,689 trillion trillion trillion trillion years.