The 56-bit Data Encryption Standard (DES) has now been replaced with the Advanced Encryption Standard (AES), which provides at least 128 bits of security and a scaleable key size that solves the demand for stronger security. However, a stronger algorithm like AES demands equivalent security for the accompanying digital signatures and key exchanges. Otherwise, AES can be compromised through the weaker security of public-key cryptography.
According to the National Institute of Standards and Technology (NIST), keys for symmetric ciphers such as AES must be matched in strength by public key algorithms such as RSA and Elliptic Curve Cryptography (ECC). For example a 128-bit AES key demands a 3072-bit RSA key while 256-bit AES demands an RSA key size of 15,360 bits for equivalent security. Clearly, 15,360 bits would bring almost any system to its knees since key size is directly related to computing resources.
Fortunately, ECC scales linearly with AES and maintains relatively compact key sizes at all security levels. ECC keys by comparison are only 512 bits for 256-bit AES and therefore do not hinder performance. AES, used in conjunction with ECC, allows for high security solutions that do not impact performance even on constrained devices such as PDAs and cell phones where computing power is only a fraction of what’s available on a desktop.
AES was selected through a public process that was in fact a contest conducted by the NIST, the US Government’s official standards organization. Fifteen candidates submitted symmetric encryption algorithms that met NIST requirements. Five of these contestants made it into the AES finals. The five finalists were all regarded to have similar security, but the submission from Rijndael was selected to become AES as it offered the best performance across all architectures.
In fact, NIST now specifies AES in the document Federal Information Processing Standard (FIPS) 197 (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf), as the new standard for symmetric encryption. AES succeeds DES and Triple-DES, which are symmetric encryption algorithms that provide 56 and 112 bits of security, respectively, that were formerly approved for use by US government organizations.
To date, AES remains the only symmetric encryption algorithm providing at least 128 bits of security that is approved for use by US government organizations to protect sensitive, unclassified information. AES comes in three security strengths: 128 bits, 192 bits and 256 bits. The 128-bit strength should provide at least 30 years of protection. The higher strengths are available for even greater protection.
Surprisingly, not only does AES provide more security than 3DES, it also delivers better performance. Better performance and better security make AES a highly attractive alternative to 3DES and a good choice for symmetric encryption algorithm going forward.
Public Key Systems for AES
Symmetric-key cryptography algorithms are very fast but not that versatile. Key management with only symmetric-key algorithms is very difficult and non-repudiation is unattainable. Asymmetric-key cryptography, also known as public-key cryptography, resolves these problems. Public-key cryptography also provides digital signatures for non-repudiation and key agreement techniques that greatly simplify key management. Today, there are three types of public-key cryptographic systems that can be considered secure and efficient. These systems, classified according to the mathematical problem on which they are based, are: Integer Factorization systems (of which RSA is the best known example), Discrete Logarithm systems (such as the US Government’s DSA), and the Elliptic Curve Cryptosystem. The two major benchmarks when comparing these systems are security and efficiency.
As shown in Table 1, at all levels of security including 128 bits, ECC has smaller public key sizes than both RSA and DSA/DH. Because of its smaller key size, ECC outperforms both RSA and DSA/DH for most routine operations while offering comparable levels of security. The reason is that ECC provides greater efficiency in terms of computational overheads, key sizes and bandwidth. In implementations, these savings mean higher speeds, lower power consumption, and code size reductions. The gap between systems grows as the key sizes increase which is especially relevant to implementations of AES.
The performance advantage of ECC for AES would be all for naught if there was not widespread employment of the system in standards. ECC is a public-key cryptography technique approved for digital signatures used by the US Government, as specified by NIST in its publication FIPS 186-2. Organizations such as ANSI, IETF, ISO and IEEE have also endorsed ECC as a public-key cryptography standard.
The Advanced Encryption Standard has set a new bar for secure systems for years to come. The security of the public-key system must match AES. The NIST guidelines demonstrate that ECC’s key sizes scale perfectly with AES while the other systems clearly do not. The future of Internet security standards such as SSL/TLS, S/MIME and IKE/IPSec depends on public key systems that match the security of AES and offer performance that does not impact the user. ECC delivers the highest strength-per-bit of any public key cryptography known today.
FAQs
By proactively adopting quantum-resistant cryptography, we can safeguard sensitive information from future quantum threats, ensuring the security of both current and historically stored digital communications and maintaining the integrity of digital infrastructure.
What is the impact of cryptographic failures select the 4 correct answers? ›
The impact of a cryptographic failure is not limited to stealing a piece of information from/of a user. Attackers can get hold of a complete database having thousands of sensitive information, data theft, public listing, breaches, and many critical problems with business-related data.
What is the hardest cryptography to crack? ›
AES 256-bit encryption is the strongest and most robust encryption standard that is commercially available today. While it is theoretically true that AES 256-bit encryption is harder to crack than AES 128-bit encryption, AES 128-bit encryption has never been cracked.
Will quantum computers break cryptography? ›
Researchers typically estimate that it will be many years until quantum computers can crack cryptographic keys—the strings of characters used in an encryption algorithm to protect data—faster than ordinary computers.
Is cryptography enough for security? ›
Physical Access: While encryption can protect data from unauthorized access over networks or in case of device theft, it may prove insufficient once physical access to the storage device is obtained. Determined individuals with sophisticated tools can potentially recover encrypted data, compromising its security.
What is the real future of crypto? ›
Analysts estimate that the global cryptocurrency market will more than triple by 2030. This all leads to one big trend. Cryptocurrency, once only understood among a relatively fringe community of anti-establishment investors, is now becoming a household name – and quickly.
Why is cryptography so difficult? ›
Cryptography blends several areas of mathematics: number theory, complexity theory, information theory, probability theory, abstract algebra, and formal analysis, among others. Few can do the science properly, and a little knowledge is a dangerous thing: inexperienced cryptographers almost always design flawed systems.
Why is cryptography bad? ›
Obstructed Search and Indexing: Internal search engines cannot index, search for, or retrieve data across encrypted documents. Full and pervasive encryption essentially makes them ineffective, significantly slowing down organizational workflows and making searching across data troves virtually impossible.
What are 4 key cryptography pillars? ›
Core concepts related to information security (data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography.
What is the most complex secret code? ›
The Vigenère cipher is one of the most difficult codes to decipher. Crypto analysts love this type of ciphers. It works like an encryption, where a secret key word is converted using another (clear) text. This conversion is done in a large table with the alphabet both horizontally and vertically.
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked, but requires the use of a single-use pre-shared key that is larger than or equal to the size of the message being sent. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad).
Why did NASA stop quantum computing? ›
The abrupt shutdown of NASA's quantum computing project was triggered by an unforeseen incident during a routine test. During the analysis of a complex simulation, the quantum computer demonstrated unprecedented computational power, solving a previously intractable problem.
How long would it take a quantum computer to crack AES-256? ›
A 256-bit encryption is considered to be highly secure and it would take classical computers millions of years to crack it. However, quantum computers could potentially crack this level of encryption in mere seconds or minutes.
How long does it take for a quantum computer to crack a password? ›
That same traditional computer would take 34,000 years to crack a password that was 12 characters and consisted of at least one upper case character, one number, and one symbol. To sum that up: password – cracked instantly. PassWorD – cracked in 22 minutes.
Are cryptographers in high demand? ›
These professionals are in demand wherever national security and encryption are paramount, as they contribute their expertise to protect sensitive information across diverse industries.
Is cryptography a growing field? ›
As a result of these growing threats, entities across the private and public sectors are in need of more cyberdefense experts like cryptographers. The U.S. Bureau of Labor Statistics (BLS) projects that a host of computer and information technology occupations will experience robust growth over the next decade.
Is cryptography a good career? ›
If you enjoy puzzles and problem-solving and possess strong math and computer skills, a career in cryptography might be a good fit. Paths to becoming a cryptographer include education, experience, and certification.
Does cryptography pay well? ›
Cryptography is an incredibly demanding career. Cracking data codes takes time, dedication, and skill. For that reason, a cryptographer's salary is reasonably high, even when you take an average across various states. The average cryptographer's salary varies between $125,000 and 145,000.
