Skip main navigation

How do we measure the strength of encryption schemes?

How do we measure the strength of encryption? This article will show you the ways that cryptologists assess a cipher to measure its security.

In this article, we are going to explore how encryption schemes are evaluated to measure their security. You will find out how you can prove that modern encryption schemes are much more secure than the Caesar cipher.

Computational security

Computationally secure ciphers are considered secure because cracking them would require more computational resources than it is reasonable to assume anyone has access to.

In computer terms, ‘resources’ tend to refer to two characteristics: time, i.e. how long the cracking process takes to execute, and space, i.e. how much memory (RAM) is required.

The tricky part for cryptologists is devising a system that makes a low demand on space and time resources when used correctly but would take too long or too much space for an interceptor to crack.

How we measure encryption schemes

You can get a feel for how much time and space the cracking process will take by examining some characteristics of the encryption method, such as:

  • The key length
  • The algorithmic complexity required to crack the cipher
  • The number of steps and the time required for a successful attack

Key length

The longer the key is used in your encryption scheme, the more possible values you could choose. This adds time to the cracking process, as an attacker has more keys to generate and try.

The longer a key is, the more memory space it requires. The length of a key in computational encryption is measured in bits. Modern encryption uses keys that can be 2,048 bits or longer.

Algorithmic complexity

To crack a cipher, an attacker needs to use the information available to them, such as patterns in the ciphertext or a partial key, to arrive at the full key. If the encryption scheme is well designed, then the encryption and decryption process will be ‘easy’, but the process of working out the key will be very complex.

The more complex the cracking process is, the more secure the encryption is.

Methods of attack

An attacker might not have to brute force the key; they might have other ways to break your code. Frequency analysis is one of these methods.

They may also be able to crack the code more easily with the second piece of ciphertext encrypted with the same key. If any of these methods is particularly effective against your scheme, then it will counteract any of the benefits of having a longer key or a more complex algorithm.

The Caesar cipher and methods of attack

The Caesar cipher (and all substitution ciphers) is vulnerable to more methods of attack than just the brute force of a key.

Frequency analysis and common letter patterns can give clues to possible keys that you can then quickly try on the first few words or letters of the ciphertext. These vulnerabilities will give it a poor rating in this area as well.

Sizing up the Caesar cipher

So how secure is the Caesar cipher, considering your new evaluation methods for ciphers?

The Caesar cipher uses at most a 5-bit key, as in binary, 26 is 11010. There are only 25 possible Caesar cipher keys, so it is easy enough for a human to try all of them, and trivial for a computer to do it.

You do not need all of the ciphertexts at once

The encryption and decryption algorithms for the Caesar cipher are not at all complex. They are made even more flimsy by one simple fact: you do not need all of the ciphertexts at once.

You can take a snippet of it and try your keys on that. If you use this technique, the memory requirements are even lower than they would normally be.

The time requirements are also very small, as the processing needed is essentially just simple mathematics — addition and subtraction. These are exactly the tasks that computers are designed for, and processors can perform billions of them per second. Put plainly, the time complexity is very low.

Overall security assessment

The Caesar cipher may have worked for the ancient general, but if you want to keep your information safe in a modern, computer-enabled world, you need to use a better encryption scheme.

This article is from the free online

Introduction to Encryption and Cryptography

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education