What does 128-bit encryption really mean?

Introduction

Everybody who has ordered something online will have experienced using the secure section of a website. Many sites advertise the fact they utilise 128-bit encryption to protect your personal details, but I suspect that to most people "128-bit" security means nothing. If you're one of these people, who has arrived here by a Google search, then this article is for you. In the next few paragraphs I explain what exactly 128-bit encryption means.

What does secure mean for a web-site?

When you're buying something over the web there are usually three security objectives that the web-site is hoping to achieve:

  1. To ensure that nobody can read the data you're communicating.
  2. To ensure that nobody is able to modify the data you're communicating.
  3. To let you establish that the web-site really is who it says it is.

What is encryption anyway?

Encryption is a process by which you take meaningful information, like the text you're reading now, and transform it into incomprehensible nonsense. Decryption is the reverse process: turning the nonsense back into meaningful information. The sequence of steps required to encrypt a piece of information is called an "encryption algorithm". The "decryption algorithm" is the sequence of steps required to reverse that process. A "cipher" is a pair of encryption and decryption algorithms.

All modern ciphers use an additional concept of a "key". A key is a secret piece of information you use with the encryption algorithm to secure your data. If the cipher is strong and you don't have the proper key then you will not be able to decrypt the data in a reasonable amount of time even if you know exactly how the cipher works.

The reason why ciphers use a key is because it is easier to keep a key secret than it is to keep a cipher secret. The more people that use your cipher, the more likely it becomes that one of them will willingly (or unwillingly!) give your cipher to your enemy.

If the security of your cipher depends on its secrecy then you're in trouble. If the cipher is discovered, the only way to repair the security of the system is to make a new cipher and distribute it to all the people who need it. Of course, there is nothing to stop this new cipher becoming known to your enemy. It is clear that security based upon the obscurity of the cipher is brittle.

However, if the security only depends on the secrecy of a key then it doesn't matter whether your enemy knows the cipher. It won't help them at all! Moreover, if the enemy discovers your key you can simply change it and your enemy will be back in the dark again. The security of this system is much more robust; changing the key is much easier than changing the cipher.

How can I be sure that all the security resides in the key?

There is an adage in the cryptographic community that anyone can develop a cipher that they themselves can't break. Therefore, it is an important question whether there are any ciphers that we know nobody can break.

Unfortunately, nobody has been able to find a cipher [1] which can be shown to be impossible to break. The next best thing you can do is get the world's best cryptographers together and have a contest to design a cipher. Such a contest took place in the late 1990s.

The result of this process was a standard cipher called AES, which is short for Advanced Encryption Standard. It was designed by the very best people in the world and it is constantly being analysed by the very best people in the world. To date, nobody has found a way of breaking AES faster than trying every single possible key.

Therefore, if you use AES you can be confident that provided the key remains secret, your data is secure. Since AES is a relatively new invention there are some areas where adoption of this algorithm is slow, most notably with web-browsers.

So what does 128-bit mean?

When somebody says a cipher has a 128-bit key, what they mean is that the length of the key is 128 zeros and ones.

Why is this important to cryptography? Well, most good ciphers have only one known way of breaking them: trying every single key. The more keys there are, the more keys have to be tried before the chances that you will stumble upon the correct one become reasonable. If a key is 128 bits long then there are 2^128 different keys. On average you will have to search half of these keys (2^127) before you get lucky. This is simply impossible with current technology and will remain so for a hundred years even if the growth in computing power stays at its current rate.
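
The scaling described above can be checked on a key small enough to search. This is an added example, not part of the original article: the cipher is a toy built from SHA-256 (it is not AES), the sample message is constructed, and the rate of 10^12 keys per second used in the test is an assumption.

```python
import hashlib

def keystream_xor(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy cipher (constructed for illustration, NOT AES): XOR the data with a
    SHA-256 keystream derived from the key. The same call encrypts and decrypts."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def brute_force(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """The cipher is public; only the key is secret. Try every key in order
    until the decryption starts with text we expect. Returns (key, keys tried)."""
    head = ciphertext[:len(known_prefix)]
    for tries, candidate in enumerate(range(2 ** key_bits), start=1):
        if keystream_xor(candidate, key_bits, head) == known_prefix:
            return candidate, tries
    return None, 2 ** key_bits

def average_tries(key_bits: int) -> float:
    """Average search cost, taken over every possible secret key of this length."""
    message = b"order=42;item=book"  # constructed sample plaintext
    total = 0
    for secret in range(2 ** key_bits):
        ciphertext = keystream_xor(secret, key_bits, message)
        found, tries = brute_force(ciphertext, message[:8], key_bits)
        if found != secret:
            raise RuntimeError("search returned the wrong key")
        total += tries
    return total / 2 ** key_bits

def expected_years(key_bits: int, keys_per_second: float) -> float:
    """Expected time to search half the key space at an assumed guessing rate."""
    return 2 ** (key_bits - 1) / keys_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for bits in (8, 9, 10):
        print(bits, "bit key: average keys tried =", average_tries(bits))
    print("128-bit key at 1e12 keys/s:", expected_years(128, 1e12), "years")
```

Each extra key bit doubles the average search, which is why the same search that finishes instantly for 8 bits is out of reach for 128.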

With this in mind, your next question might be why not use a 256-bit key, or a 350-bit key or a 1024-bit key? The answer is that it defeats the object of what we're trying to achieve with keyed encryption. The point of doing encryption is that you live by the assumption that protecting a small piece of information (like a 128-bit key) is a lot easier than protecting a lot of information like a document or a cell phone call. Ideally, we want our secret to be as small as possible but we need our secret to be big enough to resist an attack by trying every possible key. 128-bit keys are the value at which these two opposing considerations trade off.


[1] There are some ciphers that are completely unbreakable, such as the One Time Pad. However, these ciphers are not suitable for e-commerce transactions.