[Cryptography] ratcheting DH strengths over time

Kyle Rose krose at krose.org
Mon Nov 16 11:19:40 EST 2015


> So, how does one automatically upgrade not only the strength of the
> asymmetric subsystem but also the symmetric ciphers and hashes in use?

Relative security margin at some point in the future is always going
to be a guess. Quantum computers will, for instance, have an outsized
impact on the security of DH, but should have no appreciable impact on
the security of AES, which will decay at a different rate; and the
actual rates of decay of both are completely unknown at this point,
and furthermore likely to be very bursty for both.

This guess isn't completely blind, however, and so if you have some
information that needs to remain secret for 20 years, the best you can
probably do is to look at current developments in crypto and number
theory research and choose primitives that are likely still to be very
hard to break 20 years from now. You'll probably be right on some of
them and wrong on others, but you literally can't do any better
because you can't predict the future.

Kyle

