Encryption now and in the future by Lars Ramkilde Knudsen, DTU
14
Encryption now and in the future Lars Ramkilde Knudsen Professor @ DTU Chief Cryptographer @ Dencrypt
-
Upload
infinit-innovationsnetvaerket-for-it -
Category
Technology
-
view
582 -
download
1
description
The presentation was given at the Digital Threats and Solutions conference held by InfinIT on 20 March 2014.
Transcript of Encryption now and in the future by Lars Ramkilde Knudsen, DTU
Encryption now and in the future
Lars Ramkilde Knudsen
Professor @ DTUChief Cryptographer @ Dencrypt
20/03-2014Lars R. Knudsen www.dencrypt.dk2 DTU Compute, Technical University of Denmark
About me
• 2001 Professor, DTU, Denmark
• 1999 Professor, University of Bergen, Norway
• 1994 PhD in cryptography, Aarhus University
• Co-designer of Serpent, Grøstl, Present
• Many contributions in cryptanalysis
• Heavily involved in the AES process
20/03-2014Lars R. Knudsen www.dencrypt.dk3 DTU Compute, Technical University of Denmark
Outline
• Encryption
– AES
– RSA
• State of the art cryptanalysis
• “New” cryptanalysis
• Encryption in the future ?
20/03-2014Lars R. Knudsen www.dencrypt.dk4 DTU Compute, Technical University of Denmark
Symmetric encryption
20/03-2014Lars R. Knudsen www.dencrypt.dk5 DTU Compute, Technical University of Denmark
Symmetric encryption
Name Standard since
Designed around
DES: Data Encryption Standard 1977 1974 ?
AES: Advanced Encryption Standard 2001 1996
RC4 (not a standard) “Public” since 1994
1987
SHA-1 1993 1991 ?
20/03-2014Lars R. Knudsen www.dencrypt.dk6 DTU Compute, Technical University of Denmark
Public-key encryption
20/03-2014Lars R. Knudsen www.dencrypt.dk7 DTU Compute, Technical University of Denmark
Public-key encryption
Name Relying on difficulty of
Designed around
Comment
RSA Factoring 1977 De facto standard
El-Gamal Discrete logarithm in Zp
1985 Used for signatures
Elliptic curves Discrete logarithm in EC
1985 Attractive, short keys
Diffie-Hellman DH-problem in Zp 1976 Classic
20/03-2014Lars R. Knudsen www.dencrypt.dk8 DTU Compute, Technical University of Denmark
State-of-the art cryptanalysis of AES
Algorithm Number of rounds
AES-128 10
AES-192 12
AES-256 14
Number of rounds
Year Comment
6 1997 “Practical”
7 2000/2008 Not practical
8 2008 Not practical
9 2014 Not practical
( 10 2011 Biclique )
( 11 2009 Related keys)
20/03-2014Lars R. Knudsen www.dencrypt.dk9 DTU Compute, Technical University of Denmark
State-of-the-art, factoring RSA numbers
1985 1990 1995 2000 2005 2010 20150
100200300400500600700800900
Factoring RSA numbers
Factoring RSA numbers
20/03-2014Lars R. Knudsen www.dencrypt.dk10 DTU Compute, Technical University of Denmark
RSA key sizes used now
www Public-key Hash Size of keys
SAS RSA SHA-1 2048
Facebook RSA SHA-1 2048
IACR RSA SHA-1 2048
EFF RSA SHA-1 4096
20/03-2014Lars R. Knudsen www.dencrypt.dk11 DTU Compute, Technical University of Denmark
RSA versus AES, effective key lengths
RSA modulo in bits Effective key length
1024 86
2048 116
4096 156
AES Effective key length
AES-128 128
AES-192 192
AES-256 256
20/03-2014Lars R. Knudsen www.dencrypt.dk12 DTU Compute, Technical University of Denmark
How much can “they” break ?
Traditional cryptanalysis– AES: I don’t know, but design almost 20 years old..– RSA: more is known about factoring than what is
publicly available
We have learned that practical breaks also include to– Steal or find the key– Exploit non-randomness in keys– Exploit bad implementations (software and hardware)
20/03-2014Lars R. Knudsen www.dencrypt.dk13 DTU Compute, Technical University of Denmark
Cryptography in the future
Conventional crypto-security principles• Kerckhoffs’ principle • Standard algorithms, old algorithms…. • Public keys can be made public
New crypto-security principles• Dynamic encryption, ignoring Kerckhoffs• Trust the cryptographers, use newer systems• Public keys do not have to be public• Mind your random numbers
20/03-2014Lars R. Knudsen www.dencrypt.dk14 DTU Compute, Technical University of Denmark
Thank you for your attention
