AES attack calculations (money and time)

Hauke Laging mailinglisten at hauke-laging.de
Sun Nov 17 14:36:34 CET 2013


Hello,

from time to time someone asks how secure (a)symmetric crypto really was and 
then our math and physics teacher Rob has his performance.

Somebody just pointed me at this:
http://2012.sharcs.org/slides/biryukov.pdf

Of course, they say "No practical impact due to reliance on related 
keys" because they had to stay below 2^100 but considering that they refer to 
real hardware whereas here the theoretical lower energy limits are used I am a 
bit surprised.

Is this paper correct? I am not an expert in these areas. The only point that 
came to my mind is that if you need energy of the magnitude of the US overall 
electricity consumption than you cannot ignore the energy costs. :-) Not even 
the impact on the prices for oil, gas and uranium at the world market. They 
calculated the price for chip fabs but not the one for power plants.

So what may be the upport bound there: The NSA will never have access to more 
than 1% (or rather 10%?) of the US electricity consumption? IIRC then 
electricity generation costs is supposed to be about 4ct (Euro cent) per kWh 
in Germany. Lower for the old nuclear plants but even higher if you build new 
ones. So the 4TW mentioned in the paper would result in about four billion 
(10^9) EUR per year for electricity if I calculated that correctly.

So maybe the rising energy prices turn out to at least protect our privacy... 
;-)

Another question as I am not familiar with crypto attacks: They are talking 
about plaintext there. Does that mean they need both plaintext and ciphertext 
to tun this kind of attack? If so then I assume the real computational effort 
is higher by orders of magnitude because you have to check whether each key is 
the right one. Is that correct?


BTW:
OpenPGP key generation on European TV again (starting at 28:30, 33:20 
respectively)
in German: http://www.arte.tv/guide/de/048515-004/tracks
in French: http://www.arte.tv/guide/fr/048515-004/tracks


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20131117/f3fd15ee/attachment.sig>


More information about the Gnupg-users mailing list