# Classical Cryptography

## Introduction

Today’s cryptographic systems rely on complex mathematical algorithms to ensure data confidentiality.

Classical cryptographic systems are divided into two main categories:

• Symmetric algorithms, such as AES and DES, are difficult to break with existing technology but their future security cannot be guaranteed. These encryption algorithms have no publicly known, computationally feasible inverse algorithms or attacks capable of recovering the original message without the decryption key. Instead all known attacks involve a work factor (or brute force) to break. However advances in quantum, optical, molecular and even classical computing are constantly reducing the necessary work factor in terms of time and money.
• Asymmetric algorithms, such as RSA and Diffie Hellman (for authentication), are based on number theory. These cyphers are all based on the presumed difficulty of a small set of number theoretic problems. All known algorithms are subject to short-cut attacks (such as factorization of composites for RSA). When first deployed, 512-bit RSA keys were considered strong. Current recommendations are to use at least 2,048 bit, or even 4,096 bit RSA keys. Improvements in computer performance and advances in efficient algorithm implementations require regular increases in key size to maintain a given security strength.

## Emerging Threats

How long will today’s conventional cryptography be secure? We don’t know, however some very real threats are emerging, these include:

Quantum computers pose a very real threat to asymmetric algorithms in particular, where decryption algorithms have already been established, whilst symmetric systems are expected to hold up somewhat better although the work factor will be dramatically reduced.

These real threats have relegated classic cryptography to be convenient for the time-being, but not a future-proof solution. Information encrypted and sent today can easily be stored and decoded down the track. In such an information intensive age, where data security is expected to last the course of time, a more robust data security method is necessary.