cleversafe says: 3 Reasons Why Encryption is Overrated

Jerry Leichter leichter at lrw.com
Sun Aug 9 21:48:45 EDT 2009


> 3.  Cleversafe should really tone down the Fear Uncertainty and  
> Doubt about today's encryption being mincemeat for tomorrow's  
> cryptanalysts.  It might turn out to be true, but if so it will be  
> due to cryptanalytic innovations more than due to Moore's Law.  And  
> it might not turn out like that -- perhaps AES-256 will remain safe  
> for centuries.  Also, Cleversafe's product is not more secure than  
> any other product against this threat.
Since people do keep bringing up Moore's Law in an attempt to justify  
larger keys or systems "stronger than cryptography," it's worth  
keeping in mind that we are approaching fairly deep physical limits.   
I wrote about this on this list quite a while back.  If current  
physical theories are even approximately correct, there are limits to  
how many "bit flips" (which would encompass all possible binary  
operations) can occur in a fixed volume of space-time.  You can turn  
this into a limit based solely on time through the finite speed of  
light:  A computation that starts at some point and runs for n years  
can't involve a volume of space more than n light years in radius.   
(This is grossly optimistic - if you want the results to come back to  
the point where you entered the problem, the limit is n/2 light years,  
which has 1/8 the spatial volume).  I made a very approximate guess at  
how many bit-flips you could get in a time-space volume of a 100 light-year  
sphere; the answer came out somewhere between 2^128 and 2^256,  
though much closer to the former.  So physical limits prevent you from  
doing a brute force scan - in fact, you can't even enumerate all  
possible keys - in 100 years for key lengths somewhere not much more  
than 128 bits.

It's rather remarkable that such fundamental limits on computation  
exist at all, but physics over the last 100 years - and especially  
over the last couple of decades - has increasingly shown us that the  
world is neither continuous nor infinite; it has solid finite limits  
on almost everything.  Even more remarkable is that we've pretty much  
reached some of those limits.  For any recently designed cryptosystem,  
brute force is simply out of the question, and will remain so forever  
(unless we are very much mistaken about physics).  Moore's Law as a  
justification for using "something more" makes no sense.

As you point out, the story for advances in cryptographic theory is  
much more complex and impossible to predict.  That cryptographic  
advances would render the "safer" AES-256 at risk while AES-128  
remains secure (for now) is something no one could have predicted,  
though in retrospect some of the concerns about the key scheduling may  
have been right.  All the protocols and standards out there calling  
for AES-256 - it's obviously "better" than AES-128 because after all  
256 is *twice as large* as 128! - were just a bunch of nonsense.  And,  
perhaps, dangerous nonsense.
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


