AES attack calculations (money and time)
Hauke Laging
mailinglisten at hauke-laging.de
Sun Nov 17 14:36:34 CET 2013
Hello,
from time to time someone asks how secure (a)symmetric crypto really was and
then our math and physics teacher Rob has his performance.
Somebody just pointed me at this:
http://2012.sharcs.org/slides/biryukov.pdf
Of course, they say "No practical impact due to reliance on related
keys" because they had to stay below 2^100 but considering that they refer to
real hardware whereas here the theoretical lower energy limits are used I am a
bit surprised.
Is this paper correct? I am not an expert in these areas. The only point that
came to my mind is that if you need energy of the magnitude of the US overall
electricity consumption than you cannot ignore the energy costs. :-) Not even
the impact on the prices for oil, gas and uranium at the world market. They
calculated the price for chip fabs but not the one for power plants.
So what may be the upport bound there: The NSA will never have access to more
than 1% (or rather 10%?) of the US electricity consumption? IIRC then
electricity generation costs is supposed to be about 4ct (Euro cent) per kWh
in Germany. Lower for the old nuclear plants but even higher if you build new
ones. So the 4TW mentioned in the paper would result in about four billion
(10^9) EUR per year for electricity if I calculated that correctly.
So maybe the rising energy prices turn out to at least protect our privacy...
;-)
Another question as I am not familiar with crypto attacks: They are talking
about plaintext there. Does that mean they need both plaintext and ciphertext
to tun this kind of attack? If so then I assume the real computational effort
is higher by orders of magnitude because you have to check whether each key is
the right one. Is that correct?
BTW:
OpenPGP key generation on European TV again (starting at 28:30, 33:20
respectively)
in German: http://www.arte.tv/guide/de/048515-004/tracks
in French: http://www.arte.tv/guide/fr/048515-004/tracks
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20131117/f3fd15ee/attachment.sig>
More information about the Gnupg-users
mailing list