Re: Someone said 256 bits is not enough
- From: TomFoolery <MajorTomFoolery@xxxxxxxxx>
- Date: Mon, 25 Feb 2008 09:39:37 -0800 (PST)
It depends. What are your assumptions?
*Because even if you were doing the best you could, irreversibly on a digital processor,...
*So it's not possible on a digital machine or a practically possible network of them.
It sounds like your friend was listening to a proponent of quantum
computing - some of them often put out such "facts".
I was trying to describe my assumptions as "not a quantum computer".
Ok. Here's something I don't understand about quantum computing...
I've heard that they can reduce a symmetric cipher to square root
complexity but something about that doesn't make a lot of sense. I
understand that they work on superposition and all. It just seems
like ... well, I can't really put it succinctly right now so I'll give
you an example.
Ugh.. well.. I read a lot about DNA computing where they cleverly
craft complementary strands of DNA to model their problem and they go
together to form an exhaustive set of strings over the problem set and
then apply what are essentially filters to keep strings that match
what they expect from a valid solution and then they let them incubate
for a while or something to let those probably-more-correct strings
duplicate. I kind of see quantum computing doing the same thing.
You've got your superposition, an exhaustive set of strings over the
problem space, and you basically apply an optimization algorithm;
applying filters that keep waveform constituents that agree with what
you expect to be characteristic of the correct answer. I don't know
if you can amplify the signal after that or not, but you end up with
an answer or subset of answers that's increasingly more probable while
other answers' probabilities converge with zero...
I could be fundamentally off base here. I'm just not sure how that
extends to practice. I guess what I'm saying is if you are going to
universally reduce symmetric ciphers to square root complexity, that
includes ciphers that use the key to generate their internal states
and that use data dependent functions and stuff. I guess you're
already generating the key schedule in superposition.
When you say you're attacking with a quantum computer and that
complexity is reduced to square root, what are you assuming (if
anything) about the algorithm itself? How do you narrow in on what is
a more probably correct answer from a field of random looking stuff?
Does the quantum computer actually reverse the steps the algorithm
took..? I guess I'm actually in the dark about pretty much all
the details of the implementation. So yeah, got any reading material
or references or anything?
2**128 is still a lot. Does this, in your opinion Mr Eather, warrant
a move to 512 bit keys or kilobit keys? I mean if we're facing such
imminent threats, why take chances, right?
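The square-root speed-up asked about above is Grover's search, and the questions about key schedules and "reversing the steps" come down to how its oracle is built: the quantum search does not invert the cipher. The oracle circuit evaluates the whole cipher, key schedule included, on every candidate key at once (each basis state of the superposition is one key), and flips the sign of the amplitude of every key that reproduces a known plaintext/ciphertext pair; a second step, inversion about the mean, then moves probability mass from the unmarked keys onto the marked ones. Repeating the pair about (pi/4)*sqrt(N/M) times (N keys, M of them consistent with the pairs) makes a measurement return a consistent key with high probability, versus about N/2 trials classically. What follows is an added example and not part of the thread or of any poster's message: a plain classical state-vector simulation in Python of Grover search against a constructed 8-bit toy cipher. The cipher, its key schedule, the secret key 0x3C and the two plaintexts are all made up for the example; the simulator evaluates the oracle on each basis state exactly as the circuit would, so the key schedule costs nothing extra, it is simply part of what the oracle computes.

```python
import math

N_BITS = 8           # toy key size; real Grover cost scales as 2**(n/2)
N = 1 << N_BITS      # number of candidate keys = number of basis states
MASK = N - 1


def rotl8(x, r):
    """Rotate an 8-bit value left by r bits."""
    return ((x << r) | (x >> (8 - r))) & MASK


def key_schedule(k):
    """Constructed toy schedule: three round keys derived from the master key.
    A real cipher's schedule is likewise just part of the oracle's arithmetic."""
    return [k, rotl8(k, 3) ^ 0xA5, (k * 0x2B + 0x11) & MASK]


def toy_encrypt(k, p):
    """Constructed 3-round 8-bit toy cipher (not a real design): xor round key,
    affine bijection standing in for an S-box, then a rotation."""
    x = p
    for rk in key_schedule(k):
        x ^= rk
        x = (x * 5 + 1) & MASK
        x = rotl8(x, 2)
    return x


def grover_key_search(pairs):
    """Simulate Grover search for a key consistent with the given
    (plaintext, ciphertext) pairs.  Returns (most probable key, probability
    mass on consistent keys, iterations used, number of consistent keys)."""
    # The oracle predicate: does key k map every known plaintext to its ciphertext?
    # The simulator evaluates it on each basis state; the circuit does the same in superposition.
    marked = [k for k in range(N) if all(toy_encrypt(k, p) == c for p, c in pairs)]
    M = len(marked)
    if M == 0:
        raise ValueError("no key is consistent with the given pairs")

    # Uniform superposition: every key has amplitude 1/sqrt(N).
    amp = [1.0 / math.sqrt(N)] * N

    # Optimal iteration count: (2r+1)*theta should land near pi/2, sin(theta) = sqrt(M/N).
    theta = math.asin(math.sqrt(M / N))
    iters = int(math.pi / (4 * theta))

    for _ in range(iters):
        # Oracle: phase flip on every key that reproduces the known pairs.
        for k in marked:
            amp[k] = -amp[k]
        # Diffusion: reflect every amplitude about the mean (2|s><s| - I).
        mean = sum(amp) / N
        amp = [2 * mean - a for a in amp]

    probs = [a * a for a in amp]
    best = max(range(N), key=probs.__getitem__)   # the key a measurement most likely returns
    success = sum(probs[k] for k in marked)       # probability of measuring any consistent key
    return best, success, iters, M


if __name__ == "__main__":
    secret = 0x3C                                          # constructed secret key
    pairs = [(p, toy_encrypt(secret, p)) for p in (0x01, 0x7F)]  # two known pairs
    best, success, iters, M = grover_key_search(pairs)
    print(f"{M} key(s) consistent with the pairs; {iters} Grover iterations "
          f"(classical expectation ~{N // 2} trials); measured key 0x{best:02x} "
          f"with success probability {success:.4f}")
```

Two details are worth noticing when you run it. Using two plaintext/ciphertext pairs in the oracle is what makes the "field of random-looking stuff" collapse to (almost always) a single consistent key, since a single pair on a short block can be satisfied by several keys; and the iteration count is bounded by (pi/4)*sqrt(N/M), so for this 8-bit toy it is at most 12 rounds against roughly 128 classical trials. Scaling the same arithmetic to a 256-bit key gives about 2**128 oracle evaluations, each of which still has to run the full cipher, which is the number the post's "2**128 is still a lot" refers to.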
- Follow-Ups:
- Re: Someone said 256 bits is not enough
- From: David Eather
- Re: Someone said 256 bits is not enough
- From: Kristian Gjøsteen
- Re: Someone said 256 bits is not enough
- References:
- Someone said 256 bits is not enough
- From: TomFoolery
- Re: Someone said 256 bits is not enough
- From: David Wagner
- Re: Someone said 256 bits is not enough
- From: Sebastian G.
- Re: Someone said 256 bits is not enough
- From: Quadibloc
- Re: Someone said 256 bits is not enough
- From: Einstein
- Re: Someone said 256 bits is not enough
- From: John E. Hadstate
- Re: Someone said 256 bits is not enough
- From: TomFoolery