The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.

## Reader Interactions

### Comments

### Leave a Reply

You must be logged in to post a comment.

Steven Lin says

A 100-bit symmetric key is currently strong encryption, but processing speeds are doubling annually, and in 30 years the computational power will increase exponentially. For each added bit to a key, the difficulty of decrypt doubles. But because the processing power increases by a factor of 2^30 over that time, this current key length would eventually become vulnerable as well.

To keep pace with these advances, the key length must also increase. To maintain today’s level of security, we’d need to add approximately 30 bits to the key, moving from 100 bits to 130 bits. This adjustment would counteract the anticipated leaps in processing power, keeping encrypted data as protected in thirty years as it is now.

Lili Zhang says

Hi Steven! I completely agree with your point about increasing key lengths to counteract advancements in processing power. One additional aspect to consider is how this also impacts storage and transmission—longer keys may require more resources, which can be a trade-off to balance against security improvements

Steven Lin says

Hi Lili! Thanks for adding that perspective it’s a great point, and I think in the real world, increasing the key length is not only about security but also about side effects like storage space and transmission time. We need to increase the key length to ensure the robustness of encryption. Still, we must also consider the additional overhead of longer keys to the system, especially in resource-scarce environments. There is a challenge in striking a balance between security requirements and practical constraints.

Justin Chen says

With the fast growing speed of microprocessors, doubled computing speed every year means the decryption speed with be two times faster every year as well. And with every bit added into the length of the key, it doubles the difficulty of cracking it. With all of that being said, 30 years later, in order to keep up with the advance of computing speed, 130 bits key is needed to be considered a strong one.

Yash Mane says

Justin, you raise a good point about the fast development in computer speed and its effect on encryption power. As you stated, if computer power doubles each year, decoding skills will also improve, making it increasingly easier to crack shorter keys over time. Since every extra bit in a key doubles the difficulty of cracking it, a 130-bit key in 30 years might indeed be necessary to stay ahead of this development. Your comment underscores the importance of planning for better encryption as computer technology continues to change, ensuring data security standards can keep up with future capabilities.

Justin Chen says

hi Yash,

Thank you for giving such compliment and the extra ideas added. In addition to increasing the length of the key, what do you think about other encryption technics or other ensuring that may improve in the future and how, or could there potentially be new technics that might take over and become the main stream?

Clement Tetteh Kpakpah says

To decide on the appropriate length of a symmetric session key needed in 30 years to be considered strong, the deciding factors are the key length, and the processing speed. The current 100-bit symmetric key is considered strong and denoted as 2 to the power “n” = 100

The future processing speed in 30 years is when n =70 using the denotation above. A strong symmetric session key needed in 30 years should therefore be equal at least or greater than the processing speed when n=70

Hence a minimum key length to be considered strong that will be sufficient to maintain the same level of security in the next 30 years should be n=100 (present) + 30 (future) =130 bits long. This is higher than the processing speed when n=70 in 30 years.

Lili Zhang says

Hi Clement! You did a great job explaining why a 130-bit key would remain strong for future needs. I wonder—do you think any new encryption techniques could be developed that might lessen the need to keep increasing key lengths? It would be fascinating to get your thoughts on that

Clement Tetteh Kpakpah says

Hi Lili,

Thanks for your comment and to reduce the need for continuously increasing key lengths in encryption, several new approaches such as Post-Quantum Cryptography, Homomorphic Encryption, Quantum Key Distribution, and Zero-Knowledge Proofs are being explored.

Daniel Akoto-Bamfo says

With the current symmetric key of 100-bit long, it will therefore require a 130-bit key to maintain the same level of security in 30 years. This is because an additional bit that is added to a symmetric key doubles the number of possible keys, thereby doubling the effort required to perform a brute-force attack. In other words, if it takes an attacker a certain number of time to crack a 100-bit key today, by adding a 1-bit key, it will take the attacker double the amount of time to crack a 101-bit key.

Yash Mane says

Daniel, you’re exactly right in explaining how adding bits to a symmetric key exponentially increases the difficulty of a brute-force attack. Given that each extra bit doubles the possible key combos, your math shows that a 130-bit key will indeed provide a similar level of security 30 years from now. As computer power improves, this exponential rise becomes important to ensure long-term data safety. Your insight shows how key length changes are important to fight the improved decoding skills expected in the future.

Lily Li says

Moore’s law postulates that the number of transistors that can be effectively integrated doubles roughly every two years, and the resultant computing power or efficiency increases with that. In 30 years for a symmetric session key to be considered strong, the processing power must increase, and assuming that it’s doubling every year the increase would be 2^30. Today, we are using a 100-bit key and in 30 years our processing power will be 2^30 making our total key length 130 bits. It’s important to maintain the same level of security, with the key length increasing exponentially. The total processing speed of microprocessors doubles every year, meaning that key length must also increase. This is because as processing power increases, the time required for a hacker to perform a brute force attack decreases if the key length stays the same. So it’s crucial that as processing speed increases key length increases as well.

Jocque Sims says

Good morning Lily,

I share your views on the importance of maintaining an appropriate number of bit keys to keep pace with advancements in system processing power. What is particularly notable about the logic underlying Moore’s Law is its role in determining acceptable key lengths. Although the discussion suggests a standard of a 100-bit key, it also emphasizes the necessity of considering the theoretical risks posed by a processor capable of decrypting such keys. For instance, using a cryptographic system to secure business plans with a short implementation timeline would not require an excessively long bit key. However, for highly sensitive information, such as proprietary data related to critical infrastructure, it would be prudent to use a key length sufficient to ensure that the information remains encrypted for decades. It’s quite a thoughtful approach. Excellent post.

Lily Li says

Hi Jocque!

Thank you for your response. You make an excellent point about determining acceptable key lengths for different data types. Depending on the type of data a 100-bit key or 300-bit key is often not needed as they have a shorter implementation timeline. By balancing security with efficiency it ensures that organizations are not over-investing in protection that isn’t needed while safeguarding critical assets that are essential to the company.

Sara Sawant says

For a symmetric session key to be secure against projected increases in computing power in 30 years, it would need to be 130 bits long. A 100-bit key provides sufficient protection now, but brute-force decryption gets exponentially faster as processing rates double annually. According to Vacca’s chapters as well as SANS Reading 4, a single bit added to the key length effectively counteracts advances in computing by doubling the number of feasible possibilities. Consequently, in order to preserve the same degree of protection against brute-force assaults by next 30 years, a key length of 130 bits would be required.

Charles Lemon says

Your observation regarding the rapid increase in computing power and the necessity to update key lengths for security is spot on. As you stated, a 100-bit key is adequate currently, however, with the fast progress in processing power, the security offered by a 100-bit key may be compromised within a few decades. I also value the mention of Vacca and SANS, as they emphasize that increasing the key length by just one bit can double the potential combinations, significantly increasing the difficulty of breaking the encryption using brute force. It seems logical to require a 130-bit key in 30 years to ensure encryption remains secure and keeps up with advancements in computational power.

Daniel Akoto-Bamfo says

Hello Sara,

What an impressive response to the question! Your reference to the insights from Vacca and the SANS reading really enhances the discussion, adding credibility to your argument. It raises an important point about the need for longer session keys in the future, emphasizing a critical element in cybersecurity.

Yash Mane says

Due to the doubling of microprocessor speeds each year, the effectiveness of brute-force attacks on encryption also doubles annually. Currently, a 100-bit symmetric key is secure, but to maintain this security level over the next 30 years, the key length must increase by 1 bit per year. Thus, after 30 years, a 100-bit key today would need to be 130 bits to remain secure against brute-force capabilities. This ensures encryption strength keeps pace with technological advancements in processing power.

Steven Lin says

Hi Yash, you got the general idea of the 1-bit increase per year to keep up with the doubling of processing power. It’s a simple concept that drives home the need for adaptability in encryption to future tech growth. Something to keep in mind, though, is how even small increases in key length can have an impact on overall system performance and the resources needed for encryption and decryption. It’s a balancing act between security and efficiency, more so when scaling up in environments where speed and storage are factors. Great analysis!

Rohith says

In order to maintain the current level of security for a 100-bit symmetric key in 30 years, considering the the exponential growth in processing power over the years we’ll need to increase the key length by approximately 30 bits to 130 bits. This adjustment accounts for the doubling of processing power annually, ensuring that the encryption remains secure against brute-force attacks.

To keep pace with this advancement, the key length must increase by 1 bit annually. This proactive measure guarantees that the encryption remains as strong in 30 years as it is today, safeguarding sensitive data from potential threats.

Clement Tetteh Kpakpah says

Hi Rohith,

Thanks for this great response which effectively captures the need for increasing key length to counteract advancements in processing power. It’s interesting to know that as the key length increases, the time to crack the key grows exponentially; for instance, each extra bit doubles the number of possible combinations. This tremendous growth means that even a small increase in key length can significantly enhance security.

Sarah Maher says

If computing power is doubling every year for the next 3o, and adding one bit to a symmetric session key doubles the time it take to decrypt it (each bit requires twice as many attempts to “brute force” crack the key). Then the key needs to be 130 bits long. This way both the computing power and the time to decrypt the key have increased by 2^30.

Rohith says

Great answer Sarah, I agree with your assessment. The relationship between computing power and key length is a critical factor in cryptographic security. As computing power continues to grow exponentially, it’s essential to stay ahead of the curve by increasing key lengths accordingly.

Jocque Sims says

To maintain a constant decryption time, a symmetric session key needs to be 130 bits long. This is derived from adding one bit annually for 30 years to an originally 100-bit key.

As microprocessor processing speeds improve, cyber attackers can more easily crack shorter symmetric keys, necessitating longer keys for enhanced security. However, this increase in key length also has a drawback; it can negatively impact system performance due to the additional processing power required, as well as the time needed for both encryption and decryption.

Lily Li says

Hi Jocque,

Great response. I agree that increasing the key length is essential to providing the security needed especially as microprocessor processing speeds improve. You mentioned the drawbacks and trade-offs of increasing key length which I think is a significant consideration that every organization needs to take into mind. Although increasing key length can indeed be beneficial to security there can be an impact on system performance, as a longer key would require additional processing power, making it a challenge in a high-performance environment.

Lili Zhang says

To maintain the current level of security for a symmetric key over the next 30 years, we need to adjust the key length in response to projected increases in processing power. Currently, a 100-bit symmetric key is considered strong, but with computing power expected to double annually, it will be easier to crack shorter keys in the future. Each added bit to a symmetric key doubles the decryption difficulty, which offsets the increased processing power.

By 30 years from now, computational speed would be 2^30 times more powerful, making a 100-bit key vulnerable. To counter this, we would need to increase the key length by approximately 30 bits, moving from a 100-bit to a 130-bit key. This adjustment ensures that the encryption strength remains robust, maintaining today’s level of protection against brute-force attacks and accounting for the rapid growth in processing speeds.

Haozhe Zhang says

Hey Lili

Great take on symmetric key and security level. What other factors do you think could impact the security of symmetric keys in the future?

Aaroush Bhanot says

Hi Lili,

I like how your explanation captures the relationship between key length, processing power, and encryption strength. You’re absolutely correct that adding bits to a symmetric key effectively counters the increase in computational power, making it exponentially harder to brute-force. This approach is crucial to maintaining security over time as technology advances. It is worth considering how advances in quantum computing might impact cryptography. Unlike classical computing, which increases power by doubling each year, quantum computing could potentially break current encryption methods exponentially faster. Could quantum computing advancements require us to rethink key lengths sooner than anticipated?

Aaroush Bhanot says

If we assume that processing power doubles every year, the implication for encryption strength is significant. Each bit added to the key length doubles the time that would take to break the encryption using brute force. This relationship between processing power and key strength allows us to estimate how much longer a symmetric key would need to be in 30 years to remain “strong” under the assumption of exponentially increasing processing power.

Since processing power doubles annually, in 30 years, processing capability would increase by 2 raised to 30 (2^30). Currently, a 100-bit key is considered strong enough to resist brute force attacks. Every additional bit in a key doubles the time required for decryption because it increases the number of possible keys by a factor of 2. Since processing power would increase by 2^30 , to maintain the same level of security, we would need to increase the key length by 30 bits.

100+30 = 130

A symmetric session key would need to be at least 130 bits long in 30 years to maintain comparable security strength.

Charles Lemon says

The rapid growth in microprocessor speed has a significant effect on the strength of symmetric session keys. With processing power doubling about every year, brute-forcing a key becomes increasingly possible as time goes on. Presently, a 100-bit symmetric key is deemed powerful, offering a theoretical maximum of different potential pairings. As the length of the key increases by adding more bits, the number of potential combinations also multiplies by two, which significantly increases the difficulty of cracking the key.

By extrapolating this pattern for 30 years, we can predict the growth in key length needed to uphold the current security standards. As processing speed increases yearly, the key length needed to protect against brute-force attacks must also see a considerable boost to maintain security. If we project that in 30 years the processing power will have multiplied by a certain factor, In order to keep up with the stronger processing capabilities, a key length of about 130-140 bits could be required to ensure the same level of security. This range provides a cushion against improvements in decryption abilities, ensuring that symmetric encryption stays strong despite technological advancements. Hence, it is clear that the necessary key length must increase in proportion to the rising speed of microprocessors to adapt to the changing cybersecurity environment.

Sara Sawant says

Hi Charles,

The rapid growth in microprocessor speed greatly impacts symmetric key strength. As processing power doubles roughly every year, the feasibility of brute-force attacks grows. With each additional bit in a symmetric key, the total number of possible combinations doubles, exponentially increasing decryption difficulty.

Currently, a 100-bit key is considered strong. In 30 years, due to processing improvements, we’d likely need a key length around 130-140 bits to maintain equivalent security. This projection allows for a security buffer, adapting to the faster decryption capabilities expected from advancements in computing. What are your thoughts on how advancements in quantum computing might affect the need for even longer symmetric keys in the future?

Parth Tyagi says

For symmetric encryption, every additional bit in a key doubles the number of possible keys, making brute-force attacks twice as hard. Currently, a 100-bit key is considered strong, but with processing speeds doubling each year, computers will be about 2^30 (or roughly a billion) times faster in 30 years. To counter this increase, we would need to make decryption about a billion times harder by adding 30 extra bits to the key length—since each bit doubles the security. Therefore, in 30 years, a symmetric key would need to be around 130 bits long to remain secure, accounting for the anticipated advances in processing power.

Haozhe Zhang says

You’re absolutely correct! Since each additional bit doubles the security of a symmetric key, increasing today’s 100-bit key to 130 bits would counteract the anticipated increase in processing speed over the next 30 years. This would keep brute-force attacks at bay, despite faster computers. Do you think there might be other factors, besides processing speed, that could impact key security in the future?

Elias Johnston says

If the speed of microprocessors is doubling every year, a session key that is 100 bits long will eventually become susceptible to brute-force attacks. However, each increase in the bit-length doubles the number of possible keys.

ex.) 1 bit key has 2 possible keys, 2 bit key has 4, 3 has 8, 4 has 16, etc.

If this is the case, every year that the microprocessors double in speed should be met with a singular increase in bit length to counteract the microprocessor development. Because of this, 30 years of improvement should be met with an increase of 30 corresponding bits, 1 for each year, for a total of 130.

Haozhe Zhang says

If one wanted to ensure that a symmetric session key is secure against predicted advances in processing capability for the next 30 years, then that session key would have to be 130 bits in length. Although a 100-bit key is considered safe at present, the exponential growth of brute-force decryption speed-which improves with doubling processing rates each year-requires a longer key for security over time. As Vacca’s chapters and SANS Reading 4 point out, for every extra bit added in the key length, it doubles the number of possible keys, which should offset advancements in computing power. Therefore, over the course of several decades, a 130-bit key will be needed to provide the equivalent resistance to brute-force attack as is provided today.

Elias Johnston says

Hi Hoazhe,

I agree that the correct bit length in 30 years will be 130 bits. I think it is very interesting that microprocessors improve enough every year to halve the time it takes to solve a bit. I really liked that you referenced the reading in your response. Nice job on this post.

Elias Johnston says

*Haozhe

apologies for the misspelling