Everybody who has used the web for some amount of time has accessed the secure section of a website. Most sites tout the fact they have 128-bit encryption but I suspect that to most people that term doesn't mean anything. The aim of this article is to explain what 128-bit encryption means to the average person in the street.
Encryption is a process by which you turn meaningful information, like the text you're reading now, and transform it into incomprehensible nonsense. Decryption is the reverse process; turning the nonsense back into meaningful information. The sequence of steps required to encrypt a piece of information is called an "Encryption algorithm". The "decryption algorithm" is the sequence of steps required to reverse that process. A "cipher" is a pair of encryption and decryption algorithms.
All modern ciphers use an additional concept of a "key". A key is a secret piece of information you use with the encryption algorithm to secure your data. If the cipher is strong and you don't have the proper key then you will not be able to decrypt the data in a reasonable amount of time even if you know exactly how the cipher works.
The reason why ciphers use a key is because it is easier to keep a key secret than it is to keep a cipher secret. The more people that use your cipher, the more likely it becomes that one of them will knowingly (or unknowingly) giving that cipher to your enemy.
If the security of your encryption depends on the secrecy of the cipher then you're in trouble. The only way to repair the security of the system is to make a new cipher and distribute it to all the people who need it.
If the security only depends on the secrecy of a key then it doesn't matter whether your enemy knows the cipher. It wont help them at all! Moreover, if the enemy discovers your key you can simply change it and your enemy will be back in the dark again. Changing the key is much easier than changing the cipher.
There is an adage in the cryptographic community that anyone can develop a cipher that they themselves can't break. Therefore, it is an important question whether there are any ciphers that we know nobody can break.
Unfortunately, nobody has been able to find a cipher1 where it is possible to show using mathematics that it is impossible to break. The next best thing you can do is a get the world's best crytographers together and have a contest to design a cipher. Such a contest took place in the late 1990's.
The result of this process was a standard cipher called AES, which is short for Advanced Encryption Standard. It was designed by the very best people in the world and is constantly being analysed by the very best people in the world. To date, nobody has found a way of breaking it faster than trying every single possible key.
Therefore, if you use AES you can be pretty sure that you've got a cipher that's difficult to break. Since AES is a relatively new invention there are some areas where adoption of this algorithm is slow, most notably with web-browsers.
We're used to working with denary (in 10s). There are ten symbols in denary [0,1,2,3,4,5,6,7,8,9]. Each of these digits is assigned a numeric value. 0 stands for zero, 1 stands for one and so on. We can put these symbols together to make bigger numbers. Take 321 for example. There are three hundreds, two tens and one unit. So 321 stands for three hundred and twenty one. Adding a column to the left of the number make each symbol ten times larger: e.g. 4321 contains four thousands, three hundreds and two tens and one unit; 4321 stands for four thousand, three hundred and twenty one. This way of writing numbers is called the "place value system."
It's hard to go through school and not understand the place value system. The important thing to realise is that computers also use the place value system but they only use binary numbers instead of denary numbers. Binary consists of just two symbols [0 and 1]. Just like we have digits in denary we have bits in binary. A 0 or 1 is a bit. 0 is given the value of zero and 1 is given the value of one. In a similar fashion to the way we work with denary, we can encode any number we can write in denary into binary using these two symbols. In denary, I might say a number is 10 digits long. In binary, I say a number is so many bits long. So a 128-bit key refers to whose length is 128 bits.
Why is this important to cryptography? Well, most good ciphers have only one known way of breaking them; trying every single key. The more keys there are the more keys have to be tried before the chances that you will stumble upon the correct one become reasonable. If a key is 128-bits long then there are 2128 different keys. On average you will have to search half of these keys (2127) before you get lucky. This is simply impossible with current technology and will remain so for a hundred years even if the growth in computing power stays at its current rate.
A strength of 128-bits means that it should take no less effort than doing 2127 key tests, on average, to recover your secret information. With this in mind, your next question might be why not use a 256-bit key, or a 350-bit key or a 1024-bit key? The answer is that it defeats the object of encryption. The point of doing encryption is that you live by the assumption that protecting a small piece of information (like a 128-bit key) is a lot easier that protecting a lot of information like a document or a cell phone call. Ideally, we want our secret to be as small as possible but we need our secret to be big enough to resist an attack by trying every possible key. 128-bit keys are the value at which these two opposing considerations trade-off.
1 There are some ciphers that are completely unbreakable, such as the One Time Pad. However, these ciphers are not suitable for e-commerce transactions.