(1/13) Cryptography Basics: Bits of Security
All cryptography systems are not created equal; some are more efficient and some are quicker, but all need measure how secure they actually are.
A guide to the unit by which cryptographic security is evaluated.
(2/13) Let's start at the very beginning: the definition of cryptography.
Cryptography is the practice of using mathematical techniques to secure communication/data from unauthorized parties.
While there are many ways to encrypt data, not all methods are equally secure.
(3/13) When designing a cryptographic system, the primary question is "how secure is this system."
We measure the strength of a cryptographic system with a metric called "bits of security." Specifically, it indicates the amount of computation required to break the system.
(4/13) Let's look at perhaps the most simple form of cryptography, a shift cipher (aka a Caeser cipher).
As fans of The Da Vinci Code already know, involves replacing each letter in the original data by a letter some fixed number of positions down the alphabet.
(5/13) For example, let's say you are encrypting a message with a shift cipher with a left shift of 3. If your message has a D, it would be replaced with an A.
So the message "Ethereum" would encrypt to "Bqebobrj."
(6/13) Obviously "Bqebobrj" is nonsense, and if someone got a hold of it they wouldn't understand what we are talking about... at least, at first.
But cracking this encryption wouldn't be tricky. Especially if the attacker had access to a computer.
(7/13) In the English alphabet, there are only 25 possible shifts (a shift of 0 or 26 leaves the text unchanged).
In order to crack this code, an attacker can just attempt every possible shift. When the message suddenly makes sense, they know they've cracked the encryption.
(8/13) We call this type of attack a "brute-force attack," which entails systematically trying every possible decryption key (in a shift cipher, the decryption key is the size of the shift - in our example: 3).
A brute-force attack relies on raw computational power.
(9/13) So, let's evaluate how many bits of security a shift cypher has.
Bits of security are based on the number of possible keys. As mentioned above, for a shift cipher there are 25 possible keys. Converted to binary: log_2 (25) = 4.6439.
Answer: less than 5 bits of security.
(10/13) 5 bits of security isn't much, much more often we are working with 128 or 256.
This chart will give you a rough estimate, in practice attacks would happen much quicker. In particular, parallel processing deployed across huge computing networks.
(11/13) Strictly speaking, bits of security reflect the effort needed to break a system using the best-known attack (not just brute-force).
It can also account for the difficulty of breaking the system via mathematical vulnerabilities or advanced cryptanalysis techniques.
(12/13) As always in life, it's important to think about trade-offs. Bits of security can impact the time to encrypt and decrypt data.
However, the impact is heavily dependent on the encryption system - especially how the underlying algorithm handles larger key sizes.
(13/13) In summary, bits of security measure of the strength of a cryptographic system; they represent the amount of computation needed to break the system.
In general, more bits of security imply longer encrypt/decrypt times, but impacts are highly dependent on the system.