Stay in touch with EE Times India

EE Times-India > Embedded

Embedded

# Is AES safe enough against brute force attacks?

Posted: 22 May 2012     Print Version

Keywords:computer security  128bit symmetric key. Advanced Encryption Standard

Notice the exponential increase in possible combinations as the key size increases. "DES" is part of a symmetric cryptographic algorithm with a key size of 56 bits that has been cracked in the past using brute force attack.

There is also a physical argument that a 128bit symmetric key is computationally secure against brute-force attack. Just consider the following:

Faster supercomputer (as per Wikipedia): 10.51 Pentaflops = 10.51 x 1015 Flops [Flops = Floating point operations per second]

No. of Flops required per combination check: 1000 (very optimistic but just assume for now)
No. of combination checks per second = (10.51 x 1015) / 1000 = 10.51 x 1012No. of seconds in one Year = 365 x 24 x 60 x 60 = 31536000
No. of Years to crack AES with 128bit Key = (3.4 x 1038) / [(10.51 x 1012) x 31536000]

= (0.323 x 1026)/31536000
= 1.02 x 1018
= 1 billion billion years

 Table 2: Time to crack cryptographic key versus key size.

As shown in table 2, even with a supercomputer, it would take 1 billion billion years to crack the 128bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128bit AES key.

There are more interesting examples. The following snippet is a snapshot of one the technical papers from Seagate titled "128bit versus 256bit AES encryption" to explain why 128bit AES is sufficient to meet future needs.

If you assume:

• Every person on the planet owns 10 computers.
• There are 7 billion people on the planet.
• Each of these computers can test 1 billion key combinations per second.
• On average, you can crack the key after testing 50% of the possibilities.

Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!

The bottom line is that if AES could be compromised, the world would come to a standstill. The difference between cracking the AES-128 algorithm and AES-256 algorithm is considered minimal. Whatever breakthrough might crack 128bit will probably also crack 256bit.

In the end, AES has never been cracked yet and is safe against any brute force attacks contrary to belief and arguments. However, the key size used for encryption should always be large enough that it could not be cracked by modern computers despite considering advancements in processor speeds based on Moore's law.

Mohit Arora is a Sr. Systems engineer and Security Architect at Freescale Semiconductor. He is responsible for product and architecture definition for 32bit industrial and general-purpose parts. "Embedded Security" is one of his main expertise and focus areas and he also leads the Security IP Asset team in Automotive Industrial and Solution Group. He holds more than 35 publications and is also the author of the book "The Art of Hardware Architecture".

1 • 2

 Related Articles Editor's Choice
Comment on "Is AES safe enough against brute for..."
Comments: *  You can enter [0] more charecters.

Top Ranked Articles

Webinars

Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Search EE Times India
Services

﻿