The tale is told that centuries ago, Grand Vizier Sissa Ben Dahir invented a new pleasure for his king, Shirham of India, the game of chess. Delighted, the king asked this vizier to name his reward. Sissa Ben Dahir was not just inventive, but mischievous. He archly requested a trifle, a mere portion of wheat: One grain on the first square of a chessboard, two on the second, four on the third, and so on, doubling through all sixty-four squares.

Grand Vizier Sissa Ben Dahir’s wheat order in fulfillment

One imagines that the king agreed happily. The vizier, though, was laughing up his sleeve. Concealed in his humble request was the explosive phenomenon of exponential growth. On the tenth square of the board would have been deposited more than one thousand grains, on the twentieth, over a million. The number of grains on the last square would have been 9,223,372,036,854,775,808. (That is, 2⁶³.) At 7,000 grains per pound, this quantity of wheat would have exceed 650,000,000,000 tons–about one thousand times the annual worldwide production today!

What does this have to do with secret codes? Exponential growth is the phenomenon that keeps code-breakers at bay and makes encryption practical.

The most popular encryption system until recently was something called DES (Data Encryption Standard). It uses secret keys consisting of 64 bits. In binary, a DES key looks like this:

1001001001010111101011110101000101010001101010001010101001010110.

How many possible DES keys are there, i.e., how many possible ways to write out 64 bits? There are 2⁶⁴, that is, the number 2 doubled 64 times. Now, the straightforward way to break an encryption system with 64-bit keys is to try every key until the correct one is found. On average, this requires 2⁶³ tries. (It suffices to try half of all possible keys on average to hit the right one, and 2⁶³ = 2⁶⁴ / 2). Recall that 2⁶³ is exactly the number of grains of wheat on that last square of Ben Dahir’s chessboard.

The astonishing thing is that computers today are capable of handling computations of this size. In fact, in the most prominent public key-cracking contest (run by RSA Laboratories), the largest “cracked” key was 64 bits in length. It took a large network of computers nearly five years. Today it would require substantially less expensive computing resources.

Today, the key length of secret-key encryption schemes-such as the Advanced Encryption Standard (AES), a successor to DES-runs up to 256 bits. That’s far beyond the reach of all of any computer today. Cracking a 256-bit key isn’t four times as hard as cracking a 64-bit key, it’s 2¹⁹² times as hard. To put this in perspective, 2²⁵⁶ far exceeds the number of atoms in the Sun–not to mention all of the planets in the Solar System. That’s why cryptographic keys can provide so much power in such a small compass.

As for Sissa Ben Dahir, the tale does not relate whether King Shirham’s humor operated on the cosmic scale required to pardon his Grand Vizier’s joke with good grace.

• For technical reasons, the effective key length of DES is only 56 bits. A special-purpose computer capable of cracking DES keys in a matter of days was demonstrated in 1998. The inadequacy of DES for long-term cryptographic protection is now universally acknowledged, and security architects instead employ AES, typically with 128-bit keys.
• Encryption systems like RSA-so called “public-key” cryptosystems-require rather longer keys, due to the keys’ special algebraic structure.  For present needs, the most commonly recommended length for RSA keys is 2048 bits.