Recently The Washington Post and others – reported that the NSA is working to build a quantum computer so powerful that it could, according to the newspaper, “… break nearly every kind of encryption used to protect banking, medical, business and government records around the world.” We will explain what a quantum computer is in another blog post. Here we discuss how likely it is that the NSA is on the brink of cracking AES-256 or SSL 1028-bit encryption. The only way to decode encrypted data is to find the key used to encrypt the data.
The standard way to attack a well-formed key is by brute-force attack, which is what the NSA is planning to do with its new quantum computer, once it gets built. How difficult would that be? The Washington Post article sited an academic paper in which a team of mathematicians reported that they were able to factor a 768-bit RSA encryption key. That does not mean they were able to crack the encryption algorithm; it just means they were able to churn through a number of size 768 bits and determine its factors (the RSA encryption key is the product of two prime numbers. The only factors of the key are these prime numbers. Find one of these numbers and you can determine the encryption key.) These mathematicians reported that it took hundreds of computers working two years to do this. The paper also said that decrypting a 1024 bit number would be “about a 1,000 times harder.” Does their result threaten existing encryption? Not yet, but their paper gave an opinion that should cause concern. They wrote:
Because the first factorization of a 512-bit RSA modulus was reported only a decade ago, it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours… Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years. Many organizations have already starting using RSA keys bigger than 1024 bits, at least for SSL. Here are some examples:
However, disk drives and cell phones are encrypted with much shorter keys. Most use some form of AES encryption. It could be AES128, AES192, or AES256, where the key sizes are 128, 192, 256 bits, respectfully. This suggests a stolen disk drive or cell phone could be decrypted, given sufficient time and computer power.
To understand how large that number is, think of where Google got its name: Googolplex. A Googolplex is 101000. The number of hydrogen atoms in the observable universe is 1080.
How long would it take a hundred computers to churn through that? We know from the paper cited above that is took that team of mathematicians two years to churn through something much smaller: 2768. So it would take much longer than that.
Jorge Borges was Argentina’s most famous poem and short-story writer. He imagined a book of 410 pages each with 40 lines each with 80 letters. Then he said imagine making a new book by varying each of these letters from a-z, the digits 0-9, and the space character. That works out to 251,312,000 books. Not only would such a collection of books contain your complete life story (remember it contains every possible combination of letters including spaces), it contains your parent’s complete life story, my life story, “War and Peace” (when several volumes are put together, since the book is bigger than 410 pages), plus every version of “War and Peace” that Tolstoy and his editors worked on until he had written the final published product. The irony of this is that one of Borges’s books would contain instructions for how to build their quantum computer the NSA needs to tackle this decryption problem. All they need to do is find it.