If you thought that 256 bit encryption used by web sites and online banking was good enough, here is food for thought.

A 923-bit (278-digit) encryption was broken by Fujitsu Labs, Kyushu University in Japan and the National Institute of Information and Communications Technology (NICT), working together in an effort that lasted 148.2 days and used 21 computers. This sets a new public record for cryptanalysis. The previous record was held by researchers from NICT and Hakodate Future University, who broke a 204-digit, 676-bit encryption in 2009. The current cryptanalysis is therefore a very significant improvement.

The scientists say that this level of encryption could not have been broken if the data had been encrypted using public key techniques. However, since the data was encrypted using pairing-based cryptography, they were able to break the encryption. While this test demonstrates some vulnerabilities in the pairing-based encryption system, this technology is coming into widespread use in applications such as functional encryption, keyword searchable encryption and identity-based encryption, none of which were possible using public key cryptographic methods.

The press release by Fujitsu Labs is very balanced and low key. While it understandably takes credit for the achievement, it also goes on to say that pairing-based cryptography has not yet reached the same level of sophistication as public key methods, and that this could be a possible reason for its being broken. Given more time and development, these vulnerabilities could be removed and the algorithm improved.

Breaking the encryption involved advanced computer algebra, two-dimensional search algorithms and efficient programming. The program ran across 21 computers and used parallel processing to maximize the power available to it.

Is the record merely a statistic, or does it help computer science evolve? It is obvious that this kind of evaluation will help in the proper selection of encryption systems and will greatly help in the evolution of these systems. Governments and security agencies will be watching this development closely, as will those who plan to use such encryption.

Yet another issue worth discussing is what would have happened if a supercomputer had been available to the team. Cycle Computers, running on the Amazon Web Services platform, is offering the capability of a $20 million supercomputer with 51,000 cores for just $4,828.85 per hour. Cloud computing gives this kind of computing power to anyone who can shell out the money. I am sure that if a program were written to use these 51,000 cores in parallel, rather than just the 21 processors the experiment actually used, the attempt would have taken far fewer days to break the record.

Meanwhile, how about you and me? How are we affected? Unless you have some very special needs, 256 bits should be good enough. Should you need more, I would suggest that you stay with the more mature public key encryption methods rather than use the new pairing-based algorithm, even if it does give you additional ease of use.

Michael Liedtke, AP Technology Writer

SAN FRANCISCO (AP) — Google is dealing with more government demands to turn over information about its users as more people immerse themselves online.

The mounting pressure on the Internet search leader emerged in a statistical snapshot that Google Inc. released Tuesday of its dealings with authorities around the world. Google provided a country-by-country capsule of its legal sparring with authorities during the first six months of the year.

By: Mark Stockley

A missing dot in an email address might mean messages end up in the hands of cyber thieves, researchers have found.

By creating web domains that contained commonly mistyped names, the investigators received emails that would otherwise not be delivered.

Over six months they grabbed 20GB of data made up of 120,000 wrongly sent messages.

Some of the intercepted correspondence contained user names, passwords, and details of corporate networks.

About 30% of the top 500 companies in the US were vulnerable to this security shortcoming according to researchers Peter Kim and Garret Gee of the Godai Group.

By: Dan Kaplan

Google has identified and disrupted a campaign operating out of eastern China meant to hijack and monitor the Gmail accounts belonging to hundreds of users, the technology giant revealed Wednesday.

Victims included U.S. and Asian government officials (mostly from South Korea), military members, journalists and Chinese political activists, said Eric Grosse, engineering director of Google’s security team, in a blog post.

The campaign appears to trace back to Jinan, China and involves the theft of users’ Gmail passwords, likely through phishing, he said. Google was able to disrupt the campaign, secure the affected accounts and notify the targeted individuals.

Avivah Litan, vice president and distinguished analyst at Gartner, said in a blog post that the attackers sent low-level RSA employees emails that contained an Excel spreadsheet attachment labeled “2011 Recruitment Plan.”

© 2012 Secure Email Hosting Blog