Cryptography Reference
In-Depth Information
for practical purposes. Even one million or ten million such processors would
overtax the attacker's patience.
However, if we were able to penetrate into the THz (terahertz, 10
12
clocks per
second) range by means of novel types of physical principles and to operate one
billion (10
9
) deciphering units in parallel with just as novel a miniaturization,
then this ultracomputer would take only 10 minutes — a usable value indeed.
With these things in mind, I wouldn't want to guarantee a 20-year resistance of
a Skipjack-encrypted ciphertext, for Skipjack (Section 5.7.5) uses 80-bit keys.
But while talking about such long periods of time, Skipjack is probably not the
algorithm of choice; it would rather be AES with a minimum
key length of 128
bits
. What about security there? Our ultracomputer that can find 80-bit keys in
10 minutes would have to work on AES for over five billion years. You see
that classic physics won't help solve this problem.
Even more reason to leave our current minds would be an attempt to attack
256-bit keys
by brute force. This would correspond to 2
.
3
∗
10
77
trials. Suppose
we had a way to exploit quantum-mechanical effects of some sort that turn
an electron into a deciphering unit and put each electron to work at a clock
frequency of 10
15
Hz (which corresponds to the frequency of hard X-rays!).
The wonder computer thus constructed, which is supposed to solve this task
within one year, would have to have a mass of 10
28
grams (for each electron
weighs roughly 10
−
27
grams). This means that it would be as heavy as the
earth. If we replaced electrons by molecules, we would immediately land in an
order of magnitude of 10
33
grams, and that corresponds to the mass of a star.
Thinking more realistically based on our current minds, the computer would
be so heavy it would have to form a black hole, within which our task would
perhaps be solved — but the result could never come back out of it, as things
are with black holes.
You see that the key lengths of 192 and 256 bits additionally required for AES
don't originate from the fear of ending up with keys too short to resist brute
force. People wanted to have a large security reserve against future cryptanalytic
methods.
More realistic appears the thought that quantum computers might be built one
day, and that symmetric algorithms could also be attacked. If these computers
really worked 'squarely faster', then a 256-bit security would shrink to 128-bit
security. Well then, are 256 bits sufficient? Let's calculate things down: qubits
are controlled by means of electromagnetic radiation (radio waves, light, or
