Encryption now and in the future by Lars Ramkilde Knudsen, DTU

  • 453 views
Uploaded on

The presentation was given at the Digital Threats and Solutions conference held by InfinIT on 20 March 2014.

The presentation was given at the Digital Threats and Solutions conference held by InfinIT on 20 March 2014.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
453
On Slideshare
0
From Embeds
0
Number of Embeds
4

Actions

Shares
Downloads
7
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Encryption now and in the future Lars Ramkilde Knudsen Professor @ DTU Chief Cryptographer @ Dencrypt
  • 2. 20/03-2014Lars R. Knudsen www.dencrypt.dk2 DTU Compute, Technical University of Denmark About me • 2001 Professor, DTU, Denmark • 1999 Professor, University of Bergen, Norway • 1994 PhD in cryptography, Aarhus University • Co-designer of Serpent, Grøstl, Present • Many contributions in cryptanalysis • Heavily involved in the AES process
  • 3. 20/03-2014Lars R. Knudsen www.dencrypt.dk3 DTU Compute, Technical University of Denmark Outline • Encryption – AES – RSA • State of the art cryptanalysis • “New” cryptanalysis • Encryption in the future ?
  • 4. 20/03-2014Lars R. Knudsen www.dencrypt.dk4 DTU Compute, Technical University of Denmark Symmetric encryption
  • 5. 20/03-2014Lars R. Knudsen www.dencrypt.dk5 DTU Compute, Technical University of Denmark Symmetric encryption Name Standard since Designed around DES: Data Encryption Standard 1977 1974 ? AES: Advanced Encryption Standard 2001 1996 RC4 (not a standard) “Public” since 1994 1987 SHA-1 1993 1991 ?
  • 6. 20/03-2014Lars R. Knudsen www.dencrypt.dk6 DTU Compute, Technical University of Denmark Public-key encryption Message MessageEncryption Decryption Public-key encryption %AC&@9^(
  • 7. 20/03-2014Lars R. Knudsen www.dencrypt.dk7 DTU Compute, Technical University of Denmark Public-key encryption Name Relying on difficulty of Designed around Comment RSA Factoring 1977 De facto standard El-Gamal Discrete logarithm in Zp 1985 Used for signatures Elliptic curves Discrete logarithm in EC 1985 Attractive, short keys Diffie-Hellman DH-problem in Zp 1976 Classic
  • 8. 20/03-2014Lars R. Knudsen www.dencrypt.dk8 DTU Compute, Technical University of Denmark State-of-the art cryptanalysis of AES Algorithm Number of rounds AES-128 10 AES-192 12 AES-256 14 Number of rounds Year Comment 6 1997 “Practical” 7 2000/2008 Not practical 8 2008 Not practical 9 2014 Not practical ( 10 2011 Biclique ) ( 11 2009 Related keys)
  • 9. 20/03-2014Lars R. Knudsen www.dencrypt.dk9 DTU Compute, Technical University of Denmark State-of-the-art, factoring RSA numbers 0 100 200 300 400 500 600 700 800 900 1985 1990 1995 2000 2005 2010 2015 Factoring RSA numbers Factoring RSA numbers
  • 10. 20/03-2014Lars R. Knudsen www.dencrypt.dk10 DTU Compute, Technical University of Denmark RSA key sizes used now www Public-key Hash Size of keys SAS RSA SHA-1 2048 Facebook RSA SHA-1 2048 IACR RSA SHA-1 2048 EFF RSA SHA-1 4096
  • 11. 20/03-2014Lars R. Knudsen www.dencrypt.dk11 DTU Compute, Technical University of Denmark RSA versus AES, effective key lengths RSA modulo in bits Effective key length 1024 86 2048 116 4096 156 AES Effective key length AES-128 128 AES-192 192 AES-256 256
  • 12. 20/03-2014Lars R. Knudsen www.dencrypt.dk12 DTU Compute, Technical University of Denmark How much can “they” break ? Traditional cryptanalysis –AES: I don’t know, but design almost 20 years old.. –RSA: more is known about factoring than what is publicly available We have learned that practical breaks also include to –Steal or find the key –Exploit non-randomness in keys –Exploit bad implementations (software and hardware)
  • 13. 20/03-2014Lars R. Knudsen www.dencrypt.dk13 DTU Compute, Technical University of Denmark Cryptography in the future Conventional crypto-security principles • Kerckhoffs’ principle • Standard algorithms, old algorithms…. • Public keys can be made public New crypto-security principles • Dynamic encryption, ignoring Kerckhoffs • Trust the cryptographers, use newer systems • Public keys do not have to be public • Mind your random numbers
  • 14. 20/03-2014Lars R. Knudsen www.dencrypt.dk14 DTU Compute, Technical University of Denmark Thank you for your attention