Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

It seems to be common practice (at least in some communities) to tack on the phr

ID: 650829 • Letter: I

Question

It seems to be common practice (at least in some communities) to tack on the phrase "with current computing power" when estimating the absurdly long time it would take to, for example, brute-force an ECDSA private key or find an SHA256 collision, but am I wrong in thinking that these calculations should account for the ever-increasing power of the "average" computer?

In short, when making an educated guess of time-to-crack via brute force, is there a some kind of easy "fudge factor" to include that accounts for likely technological improvements a la Moore's Law (et al)?

Explanation / Answer

There was a blog post on the same issue in 2009. Yes, it is right that RSA based on 1024 bit N might be insecure after few years and it is not that cryptographer and practioneers are not aware of and NIST regularly updates its recommendations. The earlier recommendations were to use 512 bits prime and as we all know it does not take a lot of effort by nowadays computer to break it, even by brute force. The same applies for Diffie-Hellman problem. The size of key increases as the computation power increases. Of course, we always have the heuristics that AES has been not broken in past 13-14 years of its existence and hence must be secure.

Now the above was a practioneers point of view. I will follow up with a theoretician point of view of the above issues.

From the theoretical point of view, we always get the security guarantee in two formats: concrete security and asymptotic security. Unfortunately, there is no middle path that uses the best of both the world. In concrete security analysis, you say that suppose you give a computer t time (you can see it as MIPS or whatever measure you use to measure the computational power), then it will succeed in breaking the scheme by probability at most ?. Here you run in the trouble of having no knowledge of what to do when the parameters are different than what you analyzed.

From the asymptotic point of view, you measure the security of the cryptosystem by analyzing the security as the security parameter increases. This method does have all the drawback of asymptotic analysis and it might be true that you can't have a secure system if you use a small input size.

Now lets try give a convincing answer to your question. Yes, people do answer the security in terms of Moore's law and the answer is usually of the form: with increase in computing power, you also have an ease of memory. So just increase the key size! Okay, that's not convincing and I would love to see a more convincing argument.

Related Questions

It needs to allow a two-digit number for input that will be used to indicate how
Question #3530368
It needs to be C# Instructions MoveEstimator...+ MoveEstinator.cs (11,35): error
Question #3744841
It needs to be a .cc file(C source file): Also if you can explain each part a li
Question #669920
It needs to be done in c pgoramming ,its my final please help. The present quiz
Question #2083538
It needs to be in the form of a table. IP is below 172.14.103.0/22 Size of subne
Question #3533053
It needs toaccept between 2 and 30 students and attendance for each of up to10 d
Question #3619056
It needs toaccept between 2 and 30 students and attendance for each of up to10 d
Question #3619084
It notes that business risks can generally be classified into four categories: p
Question #2762051
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
It seems there is a difference between \"streaming\" in cryptographic sense (as
Next
It seems to be fashionable recently to omit semicolons from Javascript. There wa

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.