The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.

## Reader Interactions

### Comments

### Leave a Reply

You must be logged in to post a comment.

Christopher Williams says

Since processing power doubles each year, decryption speed also doubles, making it easier to break keys over time. Every bit added to a key doubles the time it takes to crack it. Today, a 100-bit key is considered strong, but in 30 years, processing power will have doubled 30 times. To keep encryption just as secure, we’d need to add 30 bits. So, a strong key in 30 years would need to be 130 bits long.

James Nyamokoh says

Hi Chris,

I agree with your points about how computing power will keep growing and that we’ll need longer encryption keys to stay secure. You’re right that adding bits makes it much harder to break the encryption. However, we should also think about other challenges, like new ways of breaking encryption and the future of quantum computers. These computers could break today’s encryption much faster, so even keys that are 130 to 160 bits long might not be enough. To stay safe, we need to start using new types of encryption that can’t be broken by quantum computers. What do you think is the best way for companies to start preparing for this change now?

Christopher Williams says

I think they could begin by testing hybrid encryption approaches that combine traditional and quantum-resistant methods. That way, they’ll be ready for both current threats and future ones. It’s definitely an area where proactive steps could make a huge difference.

Benjamin Rooks says

It is a bit wild to me that we aren’t hearing more about quantum computing in normal news. I honestly believe that it has the potential to be an even larger problem then what people worry about with AI.

Gbolahan Afolabi says

The best method currently seems to be hybrid encryption which is a mix of symmetric and asymmetric encryption. It works by by using symmetric encryption on top of asymmetric encryption covers some of the bits, this way there is more complex processing required but not for all of the bits.

James Nyamokoh says

With technological advancements, processing speed doubles approximately every year, meaning computers become more powerful and faster at solving complex problems. In cryptography, this pace requires progressively stronger encryption to keep data secure. Today, a 100-bit symmetric key is adequate because it would take considerable computational effort to break it. However, each additional bit in a key makes cracking exponentially harder, as the number of possible key combinations doubles. Looking ahead 30 years, this increase in computing power suggests that today’s key lengths will no longer provide the same level of security. To stay ahead, a symmetric key will likely need to increase by around 130 bits, reaching an approximate 230 bits to provide an equivalent level of security. This ensures data protection stays ahead of future computing power.

Nelson Ezeatuegwu says

A symmetric session key is an encryption and decryption key that is randomly generated to ensure communication between two devices is protected. The temporary nature of symmetric session keys helps security because the more data a key encrypts, the more vulnerable it is to cryptanalysis. Considering processing speed is doubling every year, and assuming a symmetric session key needs to be 100 bits long to be considered strong today, it means that a symmetric session key would need to be 110 bits long to be considered strong in 10 years, 120 bits long to be considered strong in 20 years and 130 bits long to be considered long in 30 years.

Andrea Baum says

I agree that a 130 bit symmetric session key may be necessary in 30 years, as increasing key length will be crucial to counter the advancements in processing power. Regularly extending key lengths ensures that encryption remains resilient against future cryptanalytic threats.

Ericberto Mariscal says

30 years from now a symmetric key will be considered strong if it’s 130 bits in length, as adding a bit per year doubles the number of keys. If we consider 2^n/2 to estimate the effort required to brute-force- a key, where n is the number of bits in the key. This exponential growth in key combinations underscores why cryptographic strength increases with each additional bit. It’s an ongoing race between technological advancements and the need for stronger security given the anticipated growth in processing power.

Neel Patel says

Hi Eric – I was struggling at first to understand this concept through the reading. However, you concisely summarized it in a way that deepened my understanding. The current standard for a strong key is 128 bits, but do you think the standard would need to increase over the next decades?

Ericberto Mariscal says

Hi Neel,

Thank you for your comment and question! I do believe that the standard for strong encryption keys will need to be increased in the coming decades. As computing power continues to advance, what is currently considered secure at the moment may not be considered as so in the future. Evolving technology as well as increased sophistication in attacks will warrant the standards to be strengthened.

Brittany Pomish says

You bring up a good point about the ongoing race. It seems like a delicate balance between advancements, necessity, and practicality.

Cyrena Haynes says

Since the processing speed of microprocessors roughly doubles every year, computing power in 30 years will be exponentially greater than today. Each additional bit added to a key double the number of possible key combinations, significantly increasing the time required to crack the encryption through brute force. Today, a 100-bit key is considered strong enough, but with computing power increasing at this exponential rate, key lengths will need to increase substantially to keep up with decryption capabilities. Assuming continued advances, symmetric keys will likely need to be around 130 to 160 bits long in 30 years to maintain the same level of security.

Vincenzo Macolino says

Cyrena, I agree that within 30 years a 130 to 160 bit key will be needed to provide an equivalent level of security to a 100 bit key today. However this is assuming that traditional computing advances the way that it has, if for some reason computing capabilities become more accessible then what new encryption methods would we need to develop as a result?

Vincenzo Macolino says

In 30 years, a symmetric key of 130 bits will be needed to achieve the same level of security as a 100-bit key provides today. For a symmetric key encryption, every additional bit in the key doubles the number of possible key combinations. This means that each time we increase the key length by 1 bit, we are making it twice as hard for an adversary to brute-force the key. Therefore, if we need a symmetric key of 100 bits now, in 30 years we will need 130 bits as the number of key combinations doubles each year.

Tache Johnson says

Hi Vincenzo, i like how you explained the increasing bits exponentially boosts security by doubling possibilities. It’s amazing how rapidly computing power advances and how encryption must stay up. Do you believe alternate encryption technologies will replace key length increases?

Brittany Pomish says

Today a 100-bit key is considered strong. To maintain the same level of security in 30 years, a symmetric session key will need to be 130 bits long. Each additional bit in the key length doubles the number of possible keys, making encryption harder to break in 30 years. Over 30 years, the processing speed will double 30 times. In order to keep encryption secure, you will need to add 30 bits.

Neel Patel says

The strength of a symmetric session key doubles with each extra bit. This means it takes twice as long to decrypt for each additional unit. If the processing speed of the microprocessors doubles each year, then in 30 years, the processors will be roughly a billion times faster. To go against this increase in speed, the key length would need to increase by about 30 additional bits, so a 130-bit to 160-bit key would be sufficient in security for 30 years.

Andrea Baum says

As computers get faster every year, they can try more possible keys in a brute force attack, making it easier to break shorter keys over time. Currently, a 100 bit key is strong enough, but in 30 years, computers will be over a billion times faster. Adding one bit to the key doubles the possible combinations, so we’ll need to add 30 extra bits to keep up with this increase. This means that in 30 years, a secure key will need to be 130 bits long.

Benjamin Rooks says

Assuming that quantum computing does not become a thing and that Moore’s law continues to hold true, something that actually seems to be slowing down. Then microprocessors will be able to more quickly deploy a brute force attack. fortunately for us though while processing power needs to double in order to make something easier to crack, we only need to add one additional bit in order to double the amount of permutations needed to try all keys. So if we assume that the computing power just continues to double and does not increase at a faster or slower rate then expected, 30 more bits will need to be added in 30 years to keep the same level of security.

Christopher Williams says

Good points Ben, I agree that adding just one bit can effectively double the security strength, even as processing power doubles. And you’re right, if Moore’s Law starts slowing down, it may give us more time before we need to worry about adding those extra bits.

Benjamin Rooks says

It does seem to be slowing down from what I can tell. Honestly it seems like the biggest issues we’re running into currently that are hindering computing power are, well the power. Google and Microsoft are currently building and starting up entirely new nuclear reactors in order to compensate for the power draw of AI.

Aisha Ings says

In 30 years, a symmetric encryption key will need to be at least 130 bits long to be considered strong. With processor speeds doubling each year, an additional bit will be required annually to maintain security. Currently, a 100-bit key is strong, but to match this level of security in 30 years, we’ll need an additional 30 bits, resulting in a 130-bit key that offers equivalent protection.

Tache Johnson says

In 30 years… with processing power doubling annually, we’d expect decryption capabilities to be faster than today. To counteract this increase, a symmetric session key would need to add 30 bits to maintain its strength, making it 130 bits. Each additional bit doubles the time required to crack the key, effectively matching the growth in decryption speed. Computing power is advancing quickly with the potential impact of quantum computing it this raises questions about whether simply increasing key length will be enough. While a 130 bit key might work in the near future, encryption techniques may need to evolve to uphold new processing capabilities. Maybe we should start looking beyond just key length, and consider alternative encryption methods better suited to future advancements

Nelson Ezeatuegwu says

Hi Tache

You made a good point on the potential impacts of quantum computers on symmetric encryption, quantum computers are not expected to significantly impact the security of symmetric encryption, as long as the keys are large enough, for instance the Advanced Encryption Standard (AES) algorithm is considered quantum-safe when used with a 256-bit key. Organizations can also use MFA for accessing keys, it add another layer of security.

Gbolahan Afolabi says

Using the 2^n/2 formula where n = 30, a symmetric key would need to be 130 bits long to be considered strong assuming current trajectory in technological advancement. However, the solution should not only be adding more bits but should focus on researching and creating newer cryptographic methods. As processors become stronger and more efficient, the goal need to be more complex methods, not longer keys.

Aisha Ings says

HI GB:

It’s true that focusing on innovative cryptographic methods is important for long-term security. As you mentioned, stronger processors call for more sophisticated approaches rather than just lengthier keys. New encryption techniques will be critical in staying ahead of potential vulnerabilities. Great point on emphasizing complexity over size!

Dawn Foreman says

If a symmetric encryption key is considered strong at 100 bits today and speed is doubling each year, we will need to add one bit for each year to remain strong, In 30 years, 130 bits woud be considered strong. Adding one bit, adds more permutations which will stil increase the difficuty for hackers.