128 Bit or 256 Bit Encryption? - Computerphile

Video Statistics and Information

Captions
Today we're going to ask a question: when is 128 bits of encryption 128 bits of encryption? What does that mean? Is that good? You know, will a quantum computer affect this?

Only a few years ago we used to say "military-grade". I mean, are we all using military-grade encryption?

Very much so. If you're using 256-bit AES it's slightly more military-grade even than 128, but if you're using 128, don't feel bad, you're still doing absolutely fine.

On a very, very simple level, for a symmetric cipher, that is, a cipher where we use the same key for both encryption and decryption (so we're not talking about public key right there), what we usually mean when we say 128-bit is the length of the key. We don't tend to talk about block size particularly. So 128-bit AES is AES with a 128-bit key. You also have 192- and 256-bit variants of AES; they have the same block size, but the key gets longer and the number of rounds changes.

The reason we talk about the key length particularly is because, if the cipher is good, the key is the bit you don't know; the key is the bit you're going to have to guess. So for a 128-bit block cipher you might have to brute-force through 2 to the power of 128 different keys. That's a lot of keys. You might get lucky, you might get it halfway through, in which case it's 2 to the 127, but either way it's not a picnic. That is years and years and years of work, right? Much too much work even for the world's fastest supercomputer, because 2 to the 128 is a lot bigger than you think. This only gets harder if we make these keys bigger, so 2 to the 192 operations, or 2 to the 256, which is a number so unimaginably large that let's just not even worry about it. If your encryption is using a key that's 2 to 256 long and there isn't another issue with your cipher, so the security is based entirely on the key, then that is not brute-forcible in any sense, within the next 10 years, within the next 30 years. It's good for us if that is the case.

So which of these should be used? Well, I mean, intuitively 256-bit, right? But actually 128-bit is currently out of reach of any attacks.

But it's always slightly more complicated than this. What we also talk about is maybe the security of an algorithm itself. Maybe there's something in the algorithm that isn't quite as secure as the key itself, so maybe it wouldn't take 2 to the 128 operations to solve it. Let's say I've written a cipher that's got a 128-bit key. It may not have 128 bits of security, which is to say it would take this many operations to solve. And why? Because my cipher's not very good. Maybe it doesn't mix up things enough or it doesn't permute enough. I don't know, I designed it, it's not going to be very good.

So you might find that an attack or a break on something like AES, what it's doing is not telling me how to solve that problem, it's just reducing this number. So maybe there's an attack on AES that brings it from 2 to the 128 down to 2 to the 125 or something like that. Now that is many times faster than that, but still totally out of reach, right? So that is what I would call an academic break, which is to say we've technically found a weakness in the underlying algorithm, but it's not a weakness that affects me in my everyday life, which arguably is what I care about most.

So we want to distinguish between the bit length of the key (so when we say we've got 128-bit AES we're referring to the key) but actually the level of security could be slightly lower depending on the algorithm. I mean, to use a really obvious example, let's imagine I have an algorithm that just appends the key to the message, doesn't do any encryption at all, right? That has a security of zero bits, because it doesn't encrypt anything, but it does have a nice 128-bit key, for what it's worth. Hey, not a very good example, but you get the idea. If you've got some fundamental weaknesses in your cipher, it's not going to take a full brute force to do it. Brute force is the absolute worst case for an attacker.

Now this is slightly more confusing for public key cryptography, so things like RSA and Diffie-Hellman, because they tend to have much, much bigger keys. So a typical Diffie-Hellman or RSA key is going to be somewhere between 2048, 3072 or 4096 bits; easily a common size. Now, to factor and solve the RSA problem for a 3000-bit key, it's roughly the same as brute-forcing a 128-bit good symmetric cipher, right? So those numbers are obviously not even close to the same, so the security margin, in some sense, of these is lower for a given key length. One of the reasons that elliptic curves are so popular is they get us a little bit closer from here to here. So an elliptic curve of 256 bits is going to be roughly equivalent to the security of 128-bit AES or 3072-bit RSA. Now that's going to be quite a lot faster to compute. So it's no longer about the length of the key in terms of bits, it's about how many bits of security are we going to get, and that means essentially 2 to the how many operations are we going to have to brute-force through to guess or work out what's going on.

So how good is 128-bit or 192 or 256-bit and their equivalents? Well, 2 to the 128 bits is beyond any computer on earth that exists. But what, you know, it's the obvious question or the kinase coming coming without the new advent of quantum computing.

Quantum computing, right. So one thing that's meant to make really clear about quantum computers is they are not simply a very fast regular computer. You don't just run AES on a quantum computer much faster than you would do on a normal computer, right, and make your life easier. You have specific algorithms that do specific jobs, and the algorithm that makes breaking AES easier is called Grover's algorithm. It takes this, hypothetically, from 2 to the 128 to 2 to the 64. Now 2 to the 64 is within reach. So if a quantum computer exists that can break AES using Grover's algorithm, you're going to go from 128-bit security to 64-bit security. That is a problem, right? If you go from 256-bit security to 2 to the 128th, that's less of a problem, because I've already just said that would be beyond reach of any computer. So symmetric is very resistant to quantum computers, because all it does is halve the key space, and we can just double the key space.

Does this quantum computer exist? No. Will it exist soon? Not for at least 20, 25 years is what Robert told me when we asked it. I mean, I have no idea, I don't develop these computers, but certainly not anytime soon.

So public key cryptography, like this 3000-bit RSA key for example, that is much more affected by quantum computers. Shor's algorithm will basically make this as trivial on a quantum computer as just encrypting using RSA would be on a regular computer. That's not what you want, right? So if a giant quantum computer appears that can halve this problem, that same quantum computer could theoretically completely destroy RSA encryption, and then we're falling back on password-based key derivation functions and symmetric encryption, right? That would be the first thing. But there are cryptographers and mathematicians looking to create quantum-resistant versions of public key algorithms, of which some have been developed. So the chances are, by the time such a machine exists, we won't be using these, because of the fact that they have this inherent weakness.

But I mean, to be clear, they have not factored anywhere close to a 3,000-bit number with a quantum computer yet, right? There's questions about whether that's possible, because it's just the scale of the thing, but even if it is, it's not going to happen tomorrow. I mean, it'll be quite amusing if we did and my video is panned as being horribly outdated the day after release, but this isn't going to happen anytime soon.

But the good news from our point of view is we're still going to get 2 to the 128 bits of security from AES-256, which is why that's what's recommended for sort of long-term security, for sort of 30-plus years. Let's say I'm encrypting my credit card details and sending them off to an online shop. That credit card will have expired in two years, so it is honestly of zero interest to me if you break my credit card details after that card has expired. All right, you're welcome, go, go. If you're a government, or the NSA or GCHQ, or someone who has top-secret documents that need to last for over 30 years, then you should be worrying about whether you use 2 to the 128 or 2 to the 256. You'll find actually, if you go online, based on my quick looking around, most websites use 128-bit AES. Banks and stuff are using 256. I mean, arguably that isn't necessary right now, but there's no real reason for them not to, right? It's not that much slower.

These qubits can interact: this guy can interact with this guy, this guy can interact with this guy, and these can interact with one another. And every time we add a qubit, if we were to add a circle here, let's say we added this fourth qubit right here, we notice that every single one of them can now interact with it. We have to draw lots of these lines.
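The distinction drawn in the captions above between key length and bits of security (a cipher that "doesn't mix up things enough" can be solved in far fewer operations than its key length suggests), shown at toy scale. This is an added example, not from the video: the 16-bit cipher, `SBOX`, and every function name are constructed for illustration.

```python
import math

# Constructed toy cipher for illustration only: 16-bit key, 2-byte block.
# 167 is odd, so x -> 167*x + 13 (mod 256) is a permutation of the bytes.
SBOX = [(167 * x + 13) % 256 for x in range(256)]

def weak_encrypt(key: int, block: bytes) -> bytes:
    """Each key byte touches only one output byte: no mixing between halves."""
    k_hi, k_lo = key >> 8, key & 0xFF
    return bytes([SBOX[block[0] ^ k_hi], SBOX[block[1] ^ k_lo]])

def brute_force(plain: bytes, cipher: bytes):
    """Generic attack: try every 16-bit key. Returns (key, trials)."""
    for trials, key in enumerate(range(1 << 16), start=1):
        if weak_encrypt(key, plain) == cipher:
            return key, trials
    raise ValueError("no key found")

def split_attack(plain: bytes, cipher: bytes):
    """Use the missing mixing: guess each key byte on its own."""
    trials, halves = 0, []
    for i in range(2):
        for guess in range(256):
            trials += 1
            if SBOX[plain[i] ^ guess] == cipher[i]:
                halves.append(guess)
                break
    return (halves[0] << 8) | halves[1], trials

def security_bits(worst_case_trials: int) -> float:
    """Bits of security = log2 of the work the best known attack needs."""
    return math.log2(worst_case_trials)

KEY = 0xFFFF                      # constructed: the last key either search tries
PLAIN = b"hi"                     # constructed known plaintext
CIPHER = weak_encrypt(KEY, PLAIN)

if __name__ == "__main__":
    for name, attack in (("brute force", brute_force), ("split attack", split_attack)):
        key, trials = attack(PLAIN, CIPHER)
        print(f"{name:12s} key={key:#06x} trials={trials} "
              f"(~{security_bits(trials):.0f} bits)")
```

The key is 16 bits long, but the best attack needs at most 2 to the 9 trials, so the cipher offers 9 bits of security.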
Info
Channel: Computerphile
Views: 228,967
Rating: 4.9707294 out of 5
Keywords: computers, computerphile, computer, science, University of Nottingham, Dr Mike Pound, Computer Science, Encryption, 256, 128, Symmetric, Public Key, AES, UHD, 4k
Id: pgzWxOtk1zg
Length: 8min 45sec (525 seconds)
Published: Fri Mar 13 2020