The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
The strength of a symmetric session key is directly related to the time it would take an attacker to perform a brute-force search of all possible key combinations hence, the longer the key, the more possible combinations an attacker needs to try, making the key stronger.
Assuming that the processing speed of microprocessors is doubling every year, it means that the computing power available to an attacker is also doubling each year. In this scenario, we can calculate how long a symmetric session key should be in 30 years to maintain its strength.
The current key length is 100 bits, maintaining the same level of security in 30 years, an attacker’s computing power would double 30 times over.
Calculating the required key length:
Required key length = current key length + (doubling rate * years)
100 bits + (1 bit per year * 30)
100 + 30 = 130 bits
In 30 years, the symmetric session key would need to be 130 bits long to maintain the same level of security offered by a 100-bit key today. As the attacker’s computing power has doubled 30 times, a longer key is required to ensure that the time required to perform a brute-force attack remains sufficient and long enough to maintain its strength.
It’s a clear and concise explanation that highlights the importance of staying ahead in the cybersecurity arms race. The projection of key length requirements over the next 30 years is particularly insightful, offering a tangible roadmap for maintaining data security in the face of rapidly evolving technology.
Hi Ooreofeoluwa,
You have done an excellent job of breaking down a complex issue into a clear and understandable concept. Calculation provided to determine the required key length in 30 years is straightforward and well-justified.
The effectiveness of a session key is directly linked to its bit length as each additional bit doubles the number of keys. With microprocessor speeds doubling every year the computational ability to attempt brute force decryption grows exponentially. After 30 years this ability will have grown by a factor of 230 To maintain protection, against such advancements the length of a symmetric key must also increase to provide an equivalent level of security.
Presently a 100-bit key is secure. To counterbalance the 30 increases in processing power over the next 30 years it is necessary to add an additional 30 bits to the key length resulting in a 130-bit key. This ensures that the time required for brute forcing the key remains consistent with today’s standards regardless of advancements, in processing speed.
Hi Yannick,
Indeed you make a useful and straightforward perspective on key length and its relation to security against the backdrop of increasing processing power. It’s essential to remember that the field of cryptography is continually evolving, and security measures should be regularly reviewed and updated to adapt to changing threats and advancements in technology.
This is an apt and straightforward description towards the answer and the considerations towards it.
If adding one bit to the key length roughly doubles the computation time, and considering the total processing speed of microprocessors is doubling roughly every year, in 30 years, the computational power available to attackers will have increased by 2^30. To counteract this increased computational power and maintain the same level of security, the symmetric session key length would need to be increased by 30 bits. This is because adding one bit at a time would require doubling the computation time 30 times to match the increased computational power of attackers over the 30-year period. So, in 30 years, a symmetric session key would need to be 130 bits long to be considered strong, assuming adding one bit doubles the computation time and considering the exponential growth in computational power.
Hi Nicholas,
You makes a reasonable attempt to address the relationship between computational power and symmetric session key length in the context of maintaining security.
As processing speeds increase so does the effectiveness of brute force attacks. The question states power is doubling each year, and that 100 bits currently proves to be an effective strength. This means that in order to account for the added processing power 1 bit must be added each year in order to ensure security. Therefore in 30 years 130 bits will be required in order to be considered strong aand secure.
Hi Edge, I agree. Increasing processing speeds heighten the effectiveness of brute force attacks. Adding 1 bit annually to the current 100 bits is essential to adapt to this growth, ensuring security. In 30 years, 130 bits will be vital for maintaining strong encryption against evolving computational capabilities.
Knowing the factors and risks involved in the length of keys would be input to determine the minimum required length in 30 years.
A symmetric session key is a cryptographic key used in symmetric encryption; the strength of a symmetric session key is measured in bits, representing the level of security provided by that key in protecting data. In symmetric cryptography, the strength of a session key depends on its length. The longer the key, the stronger the encryption and the more resistant it is to brute-force attacks.
The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Currently, a symmetric session key needs to be 100 bits long to be considered strong.
In this case, to determine how long will a symmetric session key have to be in 30 years to be considered strong.
One bit must be added each year since a single bit increase doubles the number of possible keys.
Therefore, Calculating the required key length:
Required key length = current key length + (doubling rate * years)
100 bits + (1 bit per year * 30)
100 + 30 = 130 bits
A symmetric session key must be 130 bits long in 30 years to be considered strong. For 30 years, a bit should be added each year; thus, it makes to be 130 bits.
Welldone Celine, this is a good breakdown to determine the answer for the key length in 30 years.
I like that you show the key length calculation very accurately and clearly.
In 30 years, a symmetric session key should be at least 130 bits long to be considered strong, assuming Moore’s Law continues to double the processing speed of microprocessors every year. This increase in key length compensates for the increased computational power of future microprocessors and maintains a similar level of security as a 100-bit key today.
Nice perspective brings Moore’s law into the response to this.
Hey Bo, you did a great job explaining why it would be 130 bits long to be considered strong. While we may know the number that is necessary for a key today, it’s always best to anticipate for the future, which you did in your explanation. does this mean 50 years from now the key would have to be 150 bits long?
A symmetric cipher consists of an algorithm and a key so to use that cipher it needs to be encrypted and then decrypted when sent to someone. The cipher will use the same algorithm and key to decrypt the encryption but the current symmetric session key has to be 100 bits long. The symmetric session key length would be 30 years from now even though the total processing speed of microprocessors doubles every year. It would have to be 130 bits because if the bit length is increased by a single bit every year that would lead the symmetric session key length to be 130 bits long when the 30-year mark hits.
Hi Jon,
This is an excellent way to describe it. I believe it is also important to remember that this adjustment is influenced by many factors such as advances in cryptography, security requirements, and emerging threats, not solely by the doubling of microprocessor processing speed.
If the processing speed doubles every year, in 30 years it will have doubled 30 times. If we consider that increasing the key length by one bit theoretically doubles the amount of time it takes to brute-force the key, then we need to increase the key length by one bit for every time the processing speed doubles to maintain the same level of security. So, if the processing power doubles 30 times, we would need to add 30 bits to the original 100-bit key length to maintain a similar level of security, resulting in a 130-bit key.
Simple thought process to derive the answer for the expected key length in 30 years.
When taking into consideration the processing speed of microprocessors doubling each year, and currently a session key has to be 100 bits long for it to be strong, we can use this information to calculate how long a session key must be 30 years from now. by adding 1 bit for each year, it allows the session key to maintain it’s strength in the future, when computers are more advanced, which would be 130 bits.
Hashem, it can keep organizations equipment balanced and not have to replace their technology due to failures or breakdowns. It will also keep the information protected for the organization when conducting business.
Hi Hashem,
Your estimate, about a 130 bit key becoming feasible within the three decades is accurate. However, it’s crucial to clarify that the growth of computing power follows a trajectory than a linear one. Each bit in a key double the difficulty of decryption making it more intricate than increasing the key size by one bit each year. Moreover, the strength of encryption is influenced by factors than just the length of the encryption key, such, as the specific algorithm employed.