Artificial intelligence in the post-deep learning era
Encryption Past, Present and Future
1. Encryption now and in the future
Lars Ramkilde Knudsen
Professor @ DTU
Chief Cryptographer @ Dencrypt
2. 20/03-2014Lars R. Knudsen www.dencrypt.dk2 DTU Compute, Technical University of Denmark
About me
• 2001 Professor, DTU, Denmark
• 1999 Professor, University of Bergen, Norway
• 1994 PhD in cryptography, Aarhus University
• Co-designer of Serpent, Grøstl, Present
• Many contributions in cryptanalysis
• Heavily involved in the AES process
3. 20/03-2014Lars R. Knudsen www.dencrypt.dk3 DTU Compute, Technical University of Denmark
Outline
• Encryption
– AES
– RSA
• State of the art cryptanalysis
• “New” cryptanalysis
• Encryption in the future ?
4. 20/03-2014Lars R. Knudsen www.dencrypt.dk4 DTU Compute, Technical University of Denmark
Symmetric encryption
5. 20/03-2014Lars R. Knudsen www.dencrypt.dk5 DTU Compute, Technical University of Denmark
Symmetric encryption
Name Standard
since
Designed
around
DES: Data Encryption Standard 1977 1974 ?
AES: Advanced Encryption Standard 2001 1996
RC4 (not a
standard)
“Public”
since 1994
1987
SHA-1 1993 1991 ?
6. 20/03-2014Lars R. Knudsen www.dencrypt.dk6 DTU Compute, Technical University of Denmark
Public-key encryption
Message MessageEncryption Decryption
Public-key encryption
%AC&@9^(
7. 20/03-2014Lars R. Knudsen www.dencrypt.dk7 DTU Compute, Technical University of Denmark
Public-key encryption
Name Relying on
difficulty of
Designed
around
Comment
RSA Factoring 1977 De facto
standard
El-Gamal Discrete logarithm
in Zp
1985 Used for
signatures
Elliptic curves Discrete logarithm
in EC
1985 Attractive,
short keys
Diffie-Hellman DH-problem in Zp 1976 Classic
8. 20/03-2014Lars R. Knudsen www.dencrypt.dk8 DTU Compute, Technical University of Denmark
State-of-the art cryptanalysis of AES
Algorithm Number of rounds
AES-128 10
AES-192 12
AES-256 14
Number of
rounds
Year Comment
6 1997 “Practical”
7 2000/2008 Not practical
8 2008 Not practical
9 2014 Not practical
( 10 2011 Biclique )
( 11 2009 Related keys)
10. 20/03-2014Lars R. Knudsen www.dencrypt.dk10 DTU Compute, Technical University of Denmark
RSA key sizes used now
www Public-key Hash Size of keys
SAS RSA SHA-1 2048
Facebook RSA SHA-1 2048
IACR RSA SHA-1 2048
EFF RSA SHA-1 4096
11. 20/03-2014Lars R. Knudsen www.dencrypt.dk11 DTU Compute, Technical University of Denmark
RSA versus AES, effective key lengths
RSA modulo in bits Effective key length
1024 86
2048 116
4096 156
AES Effective key length
AES-128 128
AES-192 192
AES-256 256
12. 20/03-2014Lars R. Knudsen www.dencrypt.dk12 DTU Compute, Technical University of Denmark
How much can “they” break ?
Traditional cryptanalysis
–AES: I don’t know, but design almost 20 years old..
–RSA: more is known about factoring than what is
publicly available
We have learned that practical breaks also include to
–Steal or find the key
–Exploit non-randomness in keys
–Exploit bad implementations (software and hardware)
13. 20/03-2014Lars R. Knudsen www.dencrypt.dk13 DTU Compute, Technical University of Denmark
Cryptography in the future
Conventional crypto-security principles
• Kerckhoffs’ principle
• Standard algorithms, old algorithms….
• Public keys can be made public
New crypto-security principles
• Dynamic encryption, ignoring Kerckhoffs
• Trust the cryptographers, use newer systems
• Public keys do not have to be public
• Mind your random numbers
14. 20/03-2014Lars R. Knudsen www.dencrypt.dk14 DTU Compute, Technical University of Denmark
Thank you for your attention