The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
zijian ou says
130 bits.
Because of doubling roughly every year: for example, 100 bits today, next year it’s 101. After 30 years, it’s 130 bits.
Mohammed Syed says
Today we generally use 100-300 bit encryption; a 256-bit length is considered enough and unbreakable by brute-force attack as per the current computing power.
Whether a 100-bit symmetric key is considered strong fully depends on upcoming computer capabilities. As per quantum computer power and cracking possibilities, available encryption is not enough; we can say that it terminates most of today’s encryption key effectiveness, and they fail against quantum attack.
128-bit symmetric key is computationally secure against brute-force attack. Just consider the following:
Faster supercomputer (as per Wikipedia): 10.51 Petaflops = 10.51 x 10^15 Flops [Flops = Floating point operations per second]
No. of Flops required per combination check: 1000 (very optimistic but just assume for now)
No. of combination checks per second = (10.51 x 10^15) / 1000 = 10.51 x 10^12
No. of seconds in one Year = 365 x 24 x 60 x 60 = 31536000
No. of Years to crack AES with 128-bit Key = (3.4 x 10^38) / [(10.51 x 10^12) x 31536000]
= (0.323 x 10^26) / 31536000
= 1.02 x 10^18
= 1 billion billion years
But the scenario will vary as per the capabilities of upcoming computing power. RSA claims a 2048-bit RSA key is considered sufficient until 2030, but after that think of 3072 or more bits.
Matthew Bryan says
Mohammed,
Thanks for providing such a detailed post. The time scale required to break AES 128 is staggering. I am curious to see how available quantum computing will be in the future and how APTs may use it. I can’t imagine this technology being readily available for most folks.
Antonio Cozza says
Mohammed,
It will surely be interesting to see how quantum computing changes the entirety of computing and what that will look like in a variety of scopes, like average users, organizational networks, home networks, and research facilities. With quantum computing, the security landscape will surely be revolutionized as well.
Dan Xu says
Thank you for your explanation which helped me understand the question better. I agree with you that the power of 100-bit symmetric keys depends entirely on the upcoming computer capabilities, and we may have even better computer processing capabilities in the future. Your equation for the number of combined checks per second and the number of seconds in a year is well organized and easy to understand. Cracking possibilities also need to refer to the capabilities of quantum computers.
Miray Bolukbasi says
Hi Mohammed,
Thanks for your effort on this response, it helped me to understand the link between the bits and Quantum computer power. Also, it will be interesting to see if RSA keys will match the expectations in 30 years.
Joshua Moses says
This question was interesting, but very convoluted to me. Mohammed, your answer has provided a lot of insight for all of us here. Truly appreciate it!
Dhaval Patel says
If you are doubling every year and the current symmetric session key is 100 bits after 30 years it should be 130 bits because adding one bit per year essentially doubles the number of session keys. If you consider the formula 2^n/2 this will tell you the number of key combinations, and so 2^100/2 is going to be a large number of key combinations, and increasing that value each year by one makes it significantly more difficult to crack.
Vraj Patel says
Hello Dhaval,
That’s a great formula to figure out the number of bits needed to have a strong encryption key for any particular year. 130 bits will definitely be stronger after the 30 years as 100 bits are strong enough at the moment.
kofi bonsu says
Hello Patel,
In fact, your analysis contains all the salient points about symmetric encryptions. But I am trying hard to understand the correlation between encryption key length and processing speeds, and that would enable me to fully grasp that concept. I do hope and believe that your comments have given me more insights into symmetric session.
Olayinka Lucas says
Hello Kofi,
For clarity, encryption strength is often described in terms of the size of the keys used to perform the encryption: in general, longer keys provide more robust encryption. Key length is measured in bits. So, the longer the key length, the more the processing speed and strength required to ensure that the cryptography (arithmetic algorithm) converts the text (data) from plain to ciphertext, and vice versa.
Matthew Bryan says
Each bit added to a binary symmetric encryption key doubles the key space. For example, AES-128 has 2^128 key pairs and AES-256 has 2^256. If computing power doubles each year, a symmetric encryption key would need to be 130 bits in length to be considered strong in 30 years.
Michael Duffy says
I agree; however I do think that traditional microchip processors are going to start slowing down as we’re approaching atomic levels for microchips. Which might mean that processor speeds might double every 2 years instead of 1 depending on the industry… Or quantum computing becomes mainstream and that entails a much bigger problem.
Madalyn Stiverson says
Yes, quantum computing becoming mainstream is a huge potential issue. If foreign nations or hackers gain access to working quantum computers before we adopt quantum-proof encryption, it poses a major security threat. The banking industry would collapse… how would they protect themselves if their encryption was being instantly broken by quantum computers? Overall, it would cause a lot of havoc. Hopefully we can implement quantum proof encryption before then!
Vraj Patel says
As of today, 100 bits is being considered as strong. If it is doubling roughly every year, then it will require to have 130 bits to be considered secure. Adding 1 bit every year will double the key length in size. As a result, if adding 1 bit every year for next 30 years to the 100 bits there will be 130 bits at the end of next 30 years.
Antonio Cozza says
If the processing speed doubles annually and the current symmetric session key needs to be 100 bits to be considered strong, in 30 years it would need to be 130 bits to be considered strong to keep up with the processing speed increases, as one extra bit added would double the symmetric key length since it is binary (base 2). One more bit added to the key annually would suffice in general assuming that the processing speed grows consistently with a 2x multiplier. While different encryption methods may have different encrypt vs decrypt times, AES encryption has the same encryption/decryption time.
Andrew Nguyen says
If a symmetric session key needs to be 100 bits long to be considered strong, in 30 years a symmetric session key should be 130 bits (assuming the total processing speed of microprocessors doubles every year). Increasing the length of a symmetric session key by a single bit will double the number of session keys, the same rate at which microprocessors will be able to perform decryption.
Kelly Sharadin says
If the clock rate and number of circuits continue doubling every year for 30 years, the 100-bit symmetric would need to be 130 bits (2^100/2) to be considered strong. Considering it will take 1 billion years to crack a 128-bit symmetric key with current computational power, it will be interesting to see what decryption capabilities adversaries will have in response to stronger cryptography standards.
https://www.eetimes.com/how-secure-is-aes-against-brute-force-attacks/
Miray Bolukbasi says
Hi Kelly,
Thanks for sharing the article link with us! It explains well why longer keys are considered stronger against brute-force attacks. While it’s already really hard to crack 128 bits, it will be interesting to see the need for 130-bit symmetric keys in 30 years.
Bryan Garrahan says
Hi Kelly, thanks for sharing the article. Encryption is an area I don’t have much hands-on experience in and I enjoyed reading this article to understand how it can be compromised from a brute force attack perspective. I also found this article (link below) which outlines a few other attacks (i.e. Cipher-only, Known-plaintext) which can be used to take advantage of weak encryption.
https://www.infosectrain.com/blog/different-types-of-cryptography-attacks/
Wilmer Monsalve says
Hi Kelly, I agree it will be interesting what the future holds in terms of computational power excelling every year. Would it really be possible for it to crack a 128-bit key in a time-efficient manner?
Olayinka Lucas says
Based on the analogy that the processing speed doubles every year, and the current symmetric session key needs to be 100 bits in length to be regarded as adequate, in 30 years it would need to be 130 bits (2^100/2) to be considered strong, i.e., 100 bits will currently amount to 101 bits next year, which will become 130 bits in 30 years (if the processing speed doubles annually).
Ryan Trapp says
In 30 years for a symmetric key to be considered strong it will have to be 130 bits in length. This is due to the fact that adding 1 bit doubles the amount of keys. So if adding one bit every year ensures it would be strong, and we have started with a key length of 100 bits, then after 30 years we would have a key length of 130 bits to be considered strong.
kofi bonsu says
Should the processing speed increases yearly then the current symmetric session key needs to be 100 bits to be regarded as being strong, in 30 years as it would prefer to be 130 bits to be deemed strong to keep up the pace with the processing speed increases. This is so because one bit must be added each year since a single bit increase doubles the number of possible keys. One more bit added to the key on yearly basis would be enough in totality thinking that the processing speed grows continuously with a 2x multiplier. Whereas different encryption methods and procedures may have somewhat different encrypt vs decrypt times, AES encryption has the same encryption/decryption time.
The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today, a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.)
130 bits long, one bit must be added each year
Lauren Deinhardt says
Thanks for your detailed description, Kofi. This really helped me better understand this assignment and task at hand.
Dhaval Patel says
Hi Kofi,
You bring up a good point with the different encryption methods and their timings. If I am correct I do believe RSA might have the slowest time (but will depend on the file size), and it tends to use up the most RAM as well. AES and Blowfish turned out to be the most effective encryption methods as well as the most secure.
Dan Xu says
Since the total processing speed of microprocessors doubles approximately every year, symmetric session keys need to be 100 bits long to be considered strong. If you add 1 bit, the number of possible keys doubles. For example, 100 bits today will be 101 next year. 130 bits in 30 years. The number of keys produced each year is doubled. If you consider the formula 2^n/2 this will tell you the number of key combinations to be considered the most important, but we may have even better computer processing capabilities in the future.
zijian ou says
Thank you for the formula
Miray Bolukbasi says
Typical symmetric algorithms include varying between 128 and 256 bits. Since adding one bit to symmetric key doubles it, for example it would be 101 for the next year. If it doubles every year, for 30 years from now, it would approximately need to be 130 bits.
Michael Duffy says
If processors are roughly doubling every year, and each bit added doubles the strength of symmetric encryption, then 130 bits would be necessary in 30 years in terms of bit strength…
Unless of course Quantum Computing makes major breakthroughs and becomes the new platform for computing. THEN we will essentially see modern cryptography break in the years to come.
Richard Hertz says
I like the way you introduced disruptive thinking into the discussion. Very little technology has remained constant in our lives for 30 years and the idea that cryptography would do so seems far-fetched. I believe that Quantum Computing (or something similar) will disrupt current patterns and cause something to change in modern cryptography.
Michael Galdo says
The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
30 years from now a symmetric session key will have to be 130 bits in length to be considered strong. Adding 1 bit every year means we have to double the amount of keys. Since we are starting off with today’s symmetric key that requires 100 bits to be strong, adding 30 years would mean adding 30 bits leaving us at 130 bits for a strong symmetric session key.
Madalyn Stiverson says
Adding 1 bit doubles the number of possible keys, so adding 1 bit per year will allow it to maintain pace with the speed at which microprocessors are growing. Therefore, in 30 years a symmetric session key will need to be 130 bits long to be considered strong.
Jason Burwell says
Hi Madalyn,
The way you explained it was very quick and easy to understand
Olayinka Lucas says
Hello Madalyn, well said.
The use of the phrase “so adding 1 bit per year will allow it to maintain pace with the speed at which microprocessors are growing.” creates more clarity and insight for me.
Thank you.
Corey Arana says
With symmetric session keys needing to be 100 bits long to be considered strong, a symmetric session key will need to be 130 bits long in 30 years to be considered strong. By adding one key each year, the key length will double in size. The key will stay par with strength over time.
Michael Galdo says
Hello Corey,
I agree with your answer and you do a great job making the concept easy to understand. Adding 1 bit per year gets you 30 additional bits over 30 years, and understanding that the key will stay strong is important.
Wilmer Monsalve says
Given that the symmetric session key is currently 100 bits and the processing speed is estimated to double every year, a one-bit increase per year would equal out to 130 bits and can be calculated with this formula (N*(N-1))/2. However, there is some dispute: given that processors’ clock rate doubles, it would still take a very long time for it to actually crack through brute force attack.
https://www.skillset.com/questions/how-many-encryption-keys-are-required-to-implement-a-symmetric-algorithm-with-12-participants
Ryan Trapp says
Hi Wilmer,
Thanks for providing that link to the explanation and formula. It certainly helps when you see a mathematical formula in front of you that is easy to plug numbers into. It’s also helpful to know that for an asymmetric key the formula is simply just 2N.
Victoria Zak says
If you are doubling every year and the current symmetric session key is 100 bits after 30 years, the answer is 130 bits (2^100/2). Each additional bit doubles the effective search time, so only one bit must be added each year.
Lauren Deinhardt says
By adding one bit per year, you will be doubling the amount of keys required to decrypt a message. Therefore, using the equation 2^n (n= 130 given the amount of bits prior mentioned), it is calculated that the message can be decrypted through brute force within 1361129500000000000000000000000000000000 attempts—which is highly secure and difficult to break.
Jason Burwell says
The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
With the symmetric session key being 100 right now as we speak, I would say in 30 years it would need to be 130 bits as the formula (2^100/2) tells us. It will be interesting to see what decryption methods will be used to try and compete with this.
Richard Hertz says
The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
30 years from now a symmetric key will be considered strong if it’s 130 bits in length. We get to this answer because adding 1 bit doubles the number of keys. If Moore’s Law is roughly doubling the compute power every year and if adding one bit every year doubles the number of keys and we have started with a key length of 100 bits, then after 30 years we would have a key length of 130 bits to be considered strong.
Bryan Garrahan says
Symmetric encryption is achieved when a sender uses a single key to encrypt a dataset and a receiver uses that same key to decrypt the data in order to access the intended dataset. Typically, keys which contain a larger numeric key size are more difficult to resolve and are less likely to be compromised by a potential attacker. In the scenario presented, the key length requirement would be at least 130 bits to be considered strong since ideally one bit should/would be added every year.
Olayinka Lucas says
Hello Bryan, Well said. Your first two sentences create the much-required clarity into the definition of symmetric encryption and how the same private key is used for encryption and decryption.
Joshua Moses says
A symmetric session key will have to be at least 130 bits long to be considered strong in the next 30 years.
Alexander William Knoll says
Considering that a symmetric session key is currently considered strong by being 100 bits long, and it is doubling every year, in 30 years it will have to be 130 bits long to be considered strong. The reason for this is because every year one bit is added. For example, next year would require 101 bits, the year after 102 bits, etc.
Christopher Clayton says
Symmetric session key is an encryption key used to symmetrically encrypt one communication session only. Because the processing speed doubles and 100 bits is required to be secured, in order for the session key to be considered strong in a 30 year period, the key would have to be 130 bits due to one bit being added year to year.
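The following is an added example, not part of any comment in this thread. It checks the hint empirically on a constructed toy key space, then models the brute-force estimate from Mohammed Syed's comment and the one-bit-per-doubling argument, including the two-year doubling period Michael Duffy raises. The function names and the SHA-256 key check are assumptions made for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # 31,536,000, as in the estimate above


def worst_case_trials(key_bits: int) -> int:
    """Exhaustively search a toy key space (constructed demo, keys <= 32 bits).

    The secret is the last candidate tried, so the returned count is the
    worst-case number of key checks for this key length.
    """
    secret = (1 << key_bits) - 1
    target = hashlib.sha256(secret.to_bytes(4, "big")).digest()
    trials = 0
    for candidate in range(1 << key_bits):
        trials += 1
        if hashlib.sha256(candidate.to_bytes(4, "big")).digest() == target:
            break
    return trials


def years_to_exhaust(key_bits: int, keys_per_second: float,
                     years_from_now: float = 0.0,
                     doubling_period_years: float = 1.0) -> float:
    """Years to try every key, if attacker speed doubles each period."""
    speed = keys_per_second * 2 ** (years_from_now / doubling_period_years)
    return 2 ** key_bits / (speed * SECONDS_PER_YEAR)


def required_key_bits(bits_today: int, years_from_now: float,
                      doubling_period_years: float = 1.0) -> int:
    """Key length that keeps exhaustive-search time at today's level:
    one extra bit per doubling of attacker speed."""
    return bits_today + math.ceil(years_from_now / doubling_period_years)


if __name__ == "__main__":
    # Each extra bit doubles the worst-case work (the hint in the question).
    for bits in (10, 11, 12):
        print(f"{bits}-bit toy key: {worst_case_trials(bits)} trials")

    rate = 10.51e12  # key checks per second, figure taken from the thread
    print(f"128-bit today: {years_to_exhaust(128, rate):.3g} years")
    print(f"128-bit in 30 years: {years_to_exhaust(128, rate, 30):.3g} years")
    print("bits needed in 30 years, yearly doubling:",
          required_key_bits(100, 30))
    print("bits needed in 30 years, doubling every 2 years:",
          required_key_bits(100, 30, 2.0))
```

The model assumes exhaustive key search is the only attack and that speed growth stays exponential for the whole period.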