[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cryptography] How big a speedup through storage?

On Fri, Jun 20, 2014 at 6:35 PM, Jeffrey Goldberg <[email protected]> wrote:
> (I hope it is clear that I do not think of this as anything like a practical
> threat to AES.

Of course, 8 rounds at 2^unreachable is not practical.

> I had just remembered this paper, with its enormous data
> requirements when I saw original question.)

>>> Any (reliable) estimates on how big?
>> $10M in drives at consumer pricing will get you a raw 177PB, or 236PB at
>> double the space and power. Or $1B for 17EB. Budget is an issue.
> As always, letâ??s go with the high estimate in the hands of the attacker. We
> are still far far short of the storage requirements for this particular attack
> (and all for less than a 2-bit gain).
> So I think that it is safe to say that all that data storage is not an attempt
> to use the particular attack I cited.

I meant as answer 'estimates on how big' question. Take what we know
about storage, figure in some good efficiencies for the 'storage only' case.
And figure what can be bought and operated year on year per foot. You could
hide/support $1B + $1B/year but $10B/yr would be hard given entire intel
budget is $80B, or $50+B if you drop mil. So...

1) How big can you get within budget?
2) What can you do with it re: a) crypto, or b) otherwise?