Thursday, June 21, 2012

Stop worrying about the "923-bit encryption" press release

The popular press usually gets crypto stuff wrong, but this time I can't find anybody within even a mile of the truth. Fujitsu et al. issued a press release a few days ago with the breathless title "Fujitsu Laboratories, NICT and Kyushu University Achieve World Record Cryptanalysis of Next-Generation Cryptography".

It's unfortunate that they chose to take this approach, because their misleading yet juicy quotes are producing a lot of popular press articles that mangle the truth even further. The result is the popular and mistaken impression that nobody actually knows how to keep anything safe using crypto, whereas the truth is that there are quite a few well-established and secure practices that work great and that most people just can't be bothered to follow.

Here's what's actually going on:

Pairing-based crypto is a tiny little branch of security that's interesting to researchers (it was needed for my dissertation), which is probably why it's so hard to get the story straight. It's not in common use in any commercial product I'm aware of.

The most common thing the press gets wrong in these kinds of articles is making claims about security in terms of key lengths. There are two main branches of modern crypto: private (symmetric) key and public (asymmetric) key. They're usually used together, and while they both use keys, symmetric crypto uses much shorter keys than public-key crypto does. For a secure symmetric cipher like AES, a 128-bit key is plenty long, and for a secure public-key algorithm like RSA, 2048 bits is plenty long.

In this case, pairing-based crypto is a third kind of animal, and its security and key lengths don't have any bearing on either public or private key algorithms.

So the bottom line is that it's a very interesting research result, with absolutely no impact on the crypto people actually use (which is almost always what we can safely assume when the press gets breathless about some new research result).