Cryptography Reference
In-Depth Information
quantum computer algorithms (aside from the fact that it cannot be tested
practically yet). On the other hand, quantum computer specialists are not yet
familiar with the shallows of modern cryptanalysis.
Quantum computers are often confused with quantum cryptography, but there is
a huge difference: though both use quantum mechanics, they differ profoundly.
•
Quantum cryptography serves to transmit data where eavesdropping can
doubtlessly be detected in arrears, while quantum computers implement
algorithms, i.e., they are actually computers.
•
Quantum cryptography makes our world more secure, while quantum
computers make it clearly more insecure.
•
Quantum cryptography has progressed pretty far experimentally, while
nobody can tell whether we will ever be able to build a reasonable quan-
tum computer.
I personally tend to believe that cryptanalytic research will come up with a few
whopping surprises before the first large quantum computer is built. Think only
of unexpected methods like Shamir's impossible differentials (Section 5.7.5) or
Schneier's mod-3 cryptanalysis (Section 5.4.2).
What's Still In There For Brute Force?
Let's stay with physics and speculation for another while. People claim over
and again that brute force is only a matter of cost. That's nonsense! Of course
there is no such a thing as an absolutely secure system, but that's a different
story. I will compute a few simple examples that you can easily reconstruct
yourself.
To start with, take an
80-bit key
. Brute-force cracking it takes 2
79
trials, cor-
responding to about 6
∗
10
23
on average. The fastest processors reach a clock
frequency of about 1 GHz nowadays. Assume we actually had a superpro-
cessor that could really decrypt at this frequency. Though this is currently
utopia, it could well happen several years from now. Let's further assume
that we have 100 000 such processors in parallel at our disposal. It would
cost us a huge amount of money, but it's not impossible. All right, so we
would be able to run 10
14
decryptions per second. This comes pretty close
to the frequency of light! Nevertheless, the result is sobering: such a code
would be broken in well over 190 years on average — not particularly relevant
