-2

The minimum key length for the AES algorithm is 128 bit. Assume that a special-purpose hardware key-search machine can test one key in 10 ns on one processor. The processors can be parallelized. Assume further that one such processor costs $10$, including overhead. (Note that both the processor speed and the prize are rather optimistic assumptions.) We assume also that Moore’s Law holds, according to which processor performance doubles every 18 months. How long do we have to wait until an AES key search machine can be built which breaks the algorithm on average in one week and which doesn’t cost more than $1$ million?

kelalaka
  • 49,797
  • 12
  • 123
  • 211
Network reader
  • 9

1 Answers1

3

Disclaimer: This answer is only a mathematical evaluation of Network reader's question. In reality, the maximum possible (traditional) processor performance is limited in space, time and cost by Planck time, Planck length and quantum tunneling.

As forest pointed out, this question is purely mathematical and not very practical (optimistic assumptions), so it would be better suited on a mathematical site.

Nonetheless, it's an interesting problem and I couldn't resist.

To start with, we first need to calculate how many attempts (tests) $n$ are necessary in the worst case. Assuming the minimum AES key length, that number would be $$ n = 2^{128} \approx 3.402824 \times 10^{39} $$ Next, we need to create a function that models the time $1$ processor needs to test all possible keys, where $m$ is the number of months passed. Every $18$ months, the time required to test a single key is halved, as processing power doubles: $$ t_1(m) = n \times 10 \times 2^{-\frac{m}{18}} \ \ \mathrm{ns} $$ One week $w$ equals $6.048 \times 10^{14} \ \ \mathrm{ns}$, so the time you'd have to wait until one processor is fast enough to test all possible keys in one week is $1,480$ months.

If you were to buy more processors (100,000 in your example, as each one costs 10 and you want to spend a million), it would only speed up the process by the number of processors you used. Usually quite an advantage, but in this case it only makes the numbers a little less crazy: Assuming we are able to distribute the work equally to all $100,000$ computers $$ t_{100,000}(m) = t_1(m) \times \frac{1}{100,000} $$ we would still have to wait $1,181$ months, that's about $98$ years until your hypothetical processors are fast enough to test all possible AES-128 keys in one week, with things only getting worse when you consider bigger key lengths.

Desmos Graph: https://www.desmos.com/calculator/du9vsqthdv

Tucan Holmes
  • 31
  • 3