The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.

## Reader Interactions

### Comments

### Leave a Reply

You must be logged in to post a comment.

Andrew Young says

If we operate on the premise based on the algorithms presented by Vacca, it would appear that that adding a single bit to a key is sufficient to create a large variation of possibilities, doubling the time it could take for a code to be broken. if the 100 bit key encryption is sufficient in our current age, and we operate on Vacca’s calculation premise that adding 1 bit doubles the rate at which it would take to break a code, then we would only need to add 1 bit per-year, leaving us with a theoretical 130 bit length key in 30 years

Jeffrey Sullivan says

With the number of algorithms in this week’s class and the amount of data in the chapters, I had to read over the material several times. If you see my post, you will notice I don’t have a straight numeric answer as I think there is much more the question that just a numeric answer. How did you specifically come up with 130? Like the equation part. Given the several laws that where covered and what will be available in the future, I feel there is more to the answers that just 130. That is just my thought process but seeing other responses I feel like 130 may be correct.

Andrew Young says

I used a similar equation to the ones outlined in the Vacca chapters listed. I had a hard time importing the exact numeric in but the general outline I received from the Vacca chapter was that (2^N/2) where N is the number of bits. This equation can be used to calculate the number of key combinations generated per bit length. Since keys are variations of 1s and 0s we are using 2 as our variant number. This returns a sufficiently large enough number of combinations to be considered secure by Vacca’s standard, but additionally, adding even just 1 number to the key length creates almost double the amount of variables. This indicated to me that it would only require at minimum 1 bit increments per-year to be considered secure. Obviously more bits could be added, but to avoid processing delay this is the most ideal outcome to my mind

Michael Obiukwu says

The burgeoning increase in total processing speed of microprocessors poses a significant complication in the domain of symmetric session key cryptography. Currently, a symmetric session key strength hinges primarily on a 100-bit length. However, with microprocessors doubling their processing dynamics — including clock rate and number of circuits — approximately every year, it engenders a looming question: What will be the required length of a symmetric session key to be considered strong in 30 years?

For every additional bit of length assigned to a key, overall decryption time theoretically doubles. Consequently, as processing capability augments in synchronization with Moore’s Law, key length must follow suit to sustain its viability against decryption. Extrapolating this principle, if processing speed doubles yearly for the next 30 years, then a session key – to retain formidable strength – may require an astounding length of about 130 bits. This progression suggests an increasingly complex cryptographic landscape where key length will be a critical determinant of security strength.

Ikenna Alajemba says

Michael yes I agree with you that the ever-accelerating processing power of microprocessors presents a distinct conundrum to symmetric session key cryptography and, aligning with Moore’s Law, the security of these keys—currently dependent on a 100-bit length—risks obsolescence unless they evolve. Therefore, over the next 30 years, keys may require a staggering length of approximately 130 bits in order to maintain their imperviousness to decryption.

Alyanna Inocentes says

I would like to add that 100-bit symmetric key is already generally strong and secure for most purposes as it provides a high level of security to resist brute force attacks. This just goes to show that, when we move from 100 bit to 130 bit, we’re transitioning to stronger security as technology advances over time.

Jeffrey Sullivan says

Test response to see if I can respond per profile issue.

Ikenna Alajemba says

In accordance with Moore’s Law, the collective processing speed of microprocessors, guided by the clock rate and count of circuits, is anticipated to double annually. As of present, the cybersecurity landscape defines a robust symmetric session key as one that consists of 100 bits. Yet, as computational power relentlessly escalates, our precepts regarding the strength of encryption seem destined to evolve.

Projecting three decades into the future, we find a profound query: What will be the required length of a symmetric session key to preserve its classification as ‘strong’? Evidently, a significant factor to consider while answering this question rests in the exponential increase in cryptographic decryption speed induced by advancing technology. It would be riveting to note how increasing the key length by a mere bit could potentially amplify the time taken for decryption.

Therefore, in a rapidly developing digital era, our understanding of cryptographic strength must constantly pivot to suit the increasing abilities of computational systems. Does this mean a larger key size will rule the encryption realm of the future? The answer hovers in the intersection of advancements in technology and the equilibrium point of encryption and decryption speeds.

Jeffrey Sullivan says

I’m glad you didn’t just put a numeric answer as this question was too short for the amount of material these chapters had, there just no way it can be 130 and that is all, there’s too much data like you pointed out the advancements in technology and the point of encryption and decryption speeds. Just like i pointed out as well plus the bandwidth that will be needed, and I even went as far as saying the data provided this week will not be efficient enough to answer numeric only. Just wait until quantum catches up with the cryptography, it’s going to open and close doors, industries etc. like we never seen before.

Michael Obiukwu says

Hi Ikenna,I quite concur with your perpective. Building upon Moore’s Law, it is projected that the cumulative processing speed of microprocessors will biennially double, driven by circuit count and clock rate. Current cybersecurity standards deem a 100-bit symmetric session key as robust. However, as computational prowess continually surges, our perception of encryption strength may evolve. Fast forward 30 years into the digital age, we ask an intriguing question: How long should a ‘strong’ symmetric session key be? The answer lies in managing the balance between technological advancements and the speed of cryptographic decryption. Even a single-bit increase in the key length can significantly impact decryption speed. The future of encryption, therefore, is poised at a pivotal juncture – will larger key sizes dominate? The response hinges on the intersection of tech advancements and encryption-decryption equilibrium.

Ashley A. Jones says

According to Kapoor and Pandya in Vacca’s chapter 46, the processing speed of a computer is used to encrypt printable data represented by large blocks of ones and zeros. The most common value of a block is 64, 128, 256, or 512 bits. Commonly used today, AES uses the Rijndael algorithm and operates on blocks that are 128 bits in length with permissible key lengths being 128 (10 rounds of encryption), 192 (12 rounds of encryption), and 256 (14 rounds of encryption) bits. 256 bits is already very long and difficult to decrypt for any attacker considering the goal of encryption is to confuse the attacker and make it impossible for the hacker to break the encryption consisting of finite number of substitutions and transpositions. It would take 78-digit key combinations before a successful attack. With this and doubling processing speeds in mind, I believe that in 30 years we will still be using up to 256-bit encryption. Adding a bit per year could suffice in optimizing encryption but this will most likely not be necessary. 100–150-bit encryption is very strong.

Michael Obiukwu says

Hello Ashley,

In agreement with Kapoor and Pandya work,which purports that the computational prowess of computers is deployed to cypher extensive blocks of binary data, principally represented through 64, 128, 256 or 512 bits. However, contemporary encryption predominantly relies on AES, encompassing the Rijndael algorithm with 128-bit blocks and key lengths of 128, 192, and 256-bit.

Marc Greenberg says

To maintain the same level of security, as processing speed increases, the required key length must also increase. Based on the assumption that Moore’s Law continues to hold, which implies that the total processing speed of microprocessors doubles roughly every year, the length This increase in key length is necessary to counterbalance the growing computational power available to potential attackers

If the clock rate and number of circuits continue doubling every year for 30 years, the 100-bit symmetric would need to be 130 bits (2^100/2) to be considered strong.

how much longer it takes to brute force a key as the key length increases by a single bit. This doubling of key length roughly doubles the time required for a brute force attack.

Jeffrey Sullivan says

Your equation makes sense. How did you figure this out so clearly? I had a difficult time with this question and had to read the material over and over again then it started to make sense even though I was unable to provide a numeric answer. So, your 2^100 is just saying the data is double every year and you divided by 2 as per the doubling of the data? interesting, makes sense though but what are your thoughts on all the algorithms that were provided in this week readings? Just curios as this is my first time going over this type of topic.

Akintunde Akinmusire says

For a symmetric key to be considered as strong in 30 years, it will need to be 130 bits. In the scenario presented where microprocessor processing speed is doubling yearly and a symmetric key needs to be 100 bits today, then the symmetric key should be 130 bits in the next 30 years. If the processing speed doubles annually and the current amount is 100 bits, the following year would be 101 and the next 30 years would be 130 bits.

Marc Greenberg says

I agree with your assessment, keep in mind this is a brute force attack and as the clock rate and number of circuits continue doubling every year for 30 years, the 100-bit symmetric would need to be 130 bits (2^100/2) to be considered strong. Keep in mind that speeds will continue to increase so we can even do more over time.

Jeffrey Sullivan says

Testing to see if I can post

Chidiebere Okafor says

Based on the analogy which suggests that to maintain the same level of security for symmetric session keys, their length needs to increase over time. Currently, a 100-bit symmetric session key is considered adequate for security. In 30 years, it would need to be 130 bits (2^100/2) to be considered strong, i.e., 100 bits will currently amount to 101 bits next year, which will become 130 bits in 30 years (if the processing speed doubles annually).

This calculation is based on the idea that the key length needs to increase by one bit each year to compensate for the doubling processing speed.

Alex Ruiz says

Each year that processing doubles we can offset it by adding a single bit, because each time we do that the number of possible keys doubles essentially keeping the same amount of processing effort to crack, so following that formula, in thirty years we’d theoretically only need 130 bit keys, but as we’ve seen Moore’s “law” isn’t really reality these days. So thinking that I believe to maintain similar security we’d need to at least double the rate of processing so I’d say we’re more likely to use keys closer to 160-200bits in 30 years.

Ashley A. Jones says

Hi Alex, I like the way you are forward thinking here. It makes sense that we may be a bit further along than the 130-bits since processing speeds will continue to double and technology is advancing every day. I think I missed Moore’s law in the readings so I will look back into this as well.

Akiyah says

Hi Alex, You provide an interesting perspective. I’m curious, though, about the potential impact on performance if we were to adopt 200-bit keys in 30 years. Do you think it might pose challenges in that regard?

Akiyah says

I want to clarify. Would this pose challenges to companies that may not have the budget to purchase hardware/microprocessors that can handle this encryption length. I am thinking that while 200-bit symmetric encryption keys would provide extremely high security, their practical use may present challenges in terms of computational resources and compatibility.

Alyanna Inocentes says

In cryptography, the length of the encryption key plays a pivotal role in determining the security of the data. Essentially, the longer the key, the more resistant it becomes to brute-force attacks, where attackers attempt all conceivable key combinations to decipher the encrypted information. With every single-bit increase in key length, the number of potential keys for an attacker to test effectively doubles, substantially enhancing the strength of the encryption.

In the context of processing power doubling every year for three decades, we must offset this trend by adding one bit annually to the key length. This countermeasure ensures that the encryption maintains its original level of security. After 30 years, the key would need to be extended to 130 bits to sustain this security standard, assuming the continued exponential growth in processing power adhering to Moore’s Law.

Kelly Conger says

You’re right about the key length being crucial for encryption strength. It’s like building a wall – the taller the wall, the harder it is to climb over. As computers get faster each year, those walls must keep getting taller to stay safe. But there’s a new technology called quantum computing on the horizon, and it’s like a giant ladder that could reach over even the highest walls. That means we must start designing new walls, just in case. So, for now, longer keys are the best way to keep things secure, but we can’t afford to ignore future threats.

Akiyah says

A 100-bit encryption symmetric key provides 2^100 possible key combinations. In 30 years, due to this exponential growth, the processing power will have increased by a factor of 2^30. Each additional bit in the encryption key essentially doubles the potential key combinations, significantly increasing the difficulty of decryption.

Therefore, to maintain the same level of security that we have today , in 30 years, we would need to transition to a 130-bit symmetric key. As processing power increases, bad actors could leverage brute-force attacks to rapidly breach systems. Thus, a longer encryption key offers a higher level of protection against these threats.

Unnati Singla says

In 30 years, a symmetric session key may still be considered strong with a length of about 100-150 bits. This conclusion is based on the fact that the implementation of 256-bit encryption is already too strong and difficult for any attacker to decrypt even when the implementation speed is doubled at 30 an in the next issue. Also, the text suggests that adding a little to the key length each year can be enough to improve encryption. You won’t need to go beyond 150 bits

Erskine Payton says

Hello Unnati,

I like the way you pointed out that 256-bit encryption if already very strong. I said something similar because what is in place is working for now. In 30 years adding keys will certainly improve security, you pay the price when you lack availability.

Erskine Payton says

I needed to understand how symmetric ciphers work. So, it breaks downs to ones and zeros with the most common values of a block being 64, 128, 256, or 512 bits. According to the text if we were to add just one per year for the next 30 the this would make in even more difficult for hackers to crack. The goal is to make the message even more confusing and adding a single bit a year does this. Of hand you would think the answer would 130 but if keys are doubling each year, that number would be a ridiculous number. I do believe that as the technology advances so will the way we use symmetric keys.

Akintunde Akinmusire says

Hi Erskine,

I agree with the last part of your post. It is essential to keep increasing the length of the keys to maintain security. Hackers now have numerous tools and techniques they use, so it is important for security to always evolve to address security issues.

Kelly Conger says

In 30 years, a symmetric session key will need to be approximately 130 bits long to maintain the same level of security as a 100-bit key today. This is because computational power (let’s not talk about quantum computing here) doubles roughly yearly, meaning attackers can test potential keys much faster. Each additional bit in the critical length doubles the possible combinations, significantly increasing the time and resources required for a successful brute-force attack. Therefore, to stay ahead of growing computing power and maintain strong security, we must scale up our encryption key lengths accordingly. If you want to try brute force your passwords, look into a program called HashCat. With a dedicated graphics card, you can brute force 5-character passwords of less in seconds. Plus, the more Graphics cards you add, the faster you can crack a hash. I have an Ubuntu system with 7 Nvidia Geforce 3060 graphics cards that can crack most 6 or less-character passwords in minutes.