Re: Someone said 256 bits is not enough






Pubkeybreaker wrote:

Guy Macon <http://www.guymacon.com/> wrote:

Pubkeybreaker wrote:

giorgio.tani wrote:

The broadest consensus in the community is: 128 bits are enough to
protect for 10-30 years of likely computing evolution

I do not agree with this statement in the slightest.

Even if Moore's law continues for another 30 years, 128 bits
will be well out of range.

Do the arithmetic.

And you are 99.999..% sure (add enough nines to reach 2^128)
that in the next 10-30 years no Quantum Computer capable of
cracking a 128-bit cipher will be invented -- how? How could
you possibly know such a thing?

(1) Economics/Level of Effort -- There isn't enough work being done
developing such a computer.

You have no way of knowing that the above claim is true now, and
you cannot look into the future and know that the above claim will
be true 20 years from now.

(2) Even supposing such a computer is built, it will still require
time ~ 2^64 *on a single computer*.

You have no way of knowing that the above claim is true.
You cannot look into the future and know what the speed of
an uninvented algorithm running on an uninvented computer
will be.

I will grant a magic wish: Poof. Your PC is now a quantum
computer. Ask yourself how long it will take to do 2^64
operations at a 3GHz clock rate.

You haven't established your "2^64" claim.

Assuming (and this is a big assumption, but you do not
*know* it to be false) that a Quantum Computer can be
invented that can search for a solution among 2^N possible
keys in N time (It is far from clear whether this is
possible even if a Quantum Computer is possible, but again
you do not know it to be false), and further assuming that
it can test the first key in one second (a 1Hz clock rate),
it would be able to:

Test one key in one second
Test 2^16 keys in 16 seconds
Test 2^32 keys in 32 seconds
Test 2^64 keys in 64 seconds
Test 2^128 keys in 128 seconds
Test 2^256 keys in 256 seconds
Test 2^512 keys in 512 seconds
Test 2^1024 keys in 1024 seconds
Test 2^2048 keys in 2048 seconds
Test 2^4096 keys in 4096 seconds

....and so on.

4096 seconds is a little over an hour.

Do the arithmetic.

Admittedly, the probability of the above happening is very,
very low. I would guess odds of millions or perhaps billions
to one against. Are the odds 2^128 to 1 against? I don't
know and neither do you.


--
misc.business.product-dev: a Usenet newsgroup
about the Business of Product Development.
-- Guy Macon <http://www.guymacon.com/>
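
The arithmetic both posters ask for, as an added example that is not part of any poster's message: it computes how long 2^64 operations take at the thread's 3 GHz figure, and how much of a keyspace is covered in 30 years if the rate keeps doubling. Assumptions not in the thread: one key test per clock cycle, a doubling period of 18 months as the Moore's-law pace, a 365.25-day year, and the `machines` parameter for a parallel fleet.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLOCK_HZ = 3e9          # the 3 GHz figure from the thread; 1 key test per cycle is assumed
DOUBLING_YEARS = 1.5    # assumed Moore's-law pace; the thread gives no figure


def years_fixed_rate(bits, ops_per_sec=CLOCK_HZ):
    """Years to perform 2**bits operations at a constant rate."""
    return 2 ** bits / ops_per_sec / SECONDS_PER_YEAR


def work_done_bits(years, ops_per_sec=CLOCK_HZ, machines=1, d=DOUBLING_YEARS):
    """log2 of the operations completed in `years` when the per-machine rate
    starts at ops_per_sec and doubles every d years.

    Integrating r0 * 2**(t/d) from 0 to T gives r0 * d/ln2 * (2**(T/d) - 1).
    """
    r0 = ops_per_sec * SECONDS_PER_YEAR * machines   # operations per year at t=0
    return math.log2(r0 * d / math.log(2) * (2 ** (years / d) - 1))


def years_growing_rate(bits, ops_per_sec=CLOCK_HZ, machines=1, d=DOUBLING_YEARS):
    """Inverse of work_done_bits: years until 2**bits operations are done."""
    r0 = ops_per_sec * SECONDS_PER_YEAR * machines
    return d * math.log2(1 + 2 ** bits * math.log(2) / (r0 * d))


if __name__ == "__main__":
    print(f"2^64 ops, one machine, fixed 3 GHz: {years_fixed_rate(64):.0f} years")
    for n in (1, 10 ** 6, 10 ** 9):
        print(f"{n:>10} machines, 30 years of doubling: "
              f"2^{work_done_bits(30, machines=n):.1f} operations, "
              f"2^128 reached after {years_growing_rate(128, machines=n):.0f} years")
```
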
