Closed alexandre1985 closed 5 years ago
Hello!
A "post-quantum" world is a world where everything that we know now exists, plus there are working quantum computers. Effectively, post-quantum security also means "traditional" security. (A formal reduction proof by simulation is possible.)
It is not necessary (unless you want to put RSA or other algorithms into the chain just to be sure).
What do you mean by "nanocomputing" here? If that's what wiki says (brutal minimalization and parallelization), you're safe for the following reason: no matter what technical advantage gets created, to break an algorithm with 256-bit-equivalent security you need to run at least around 2^256 single computations. Supposing your nanocomputing is able to compute at maximum possible efficiency and run each such single computation at the cost of a single electron (!), you will need to consume around 2^256 electrons for powering the whole attack. Sadly, earth only has (IIRC) around 2^180 electrons, and the whole observable universe contains "only" around 2^250 electrons. So, unless you find a mathematical deficiency in the used algorithms, you will have serious trouble just with getting enough energy to power the whole thing.
@exaexa I ask you to please give an answer, to solidify my knowledge. I need it.
This sticks in my mind and now this argument brings me 'security fear'.
While that sugar-cube-level of power compression is remarkable (if achieved), it is still embarrassingly slow when facing 2^256. Cryptanalysis advances are a far, far more likely (and efficient) way of breaking the ciphers.
Let's do a bit of 4th-grade math to explain:
Under the ultra-optimistic condition that you turn the whole Earth into sugar cubes that (1) each have the computational power of the whole mankind now and (2) magically require no energy at all, you will get free computational power of 10^27 ops/s (count of sugar cubes with mass equal to earth) times 2^100 (my very optimistic estimate of achievable bit operation throughput in all computers on Earth now; cf. BTC pool has estimated power of about 2^64).
In total, that gives you around 2^189.6 ops/s computing power, instant ability to break SHA-128 and most basic RSA variants with keys smaller than 8k bits. To get 50% chance of successfully bruteforcing the key with 2^256 bit security equivalent with that (e.g. the codecrypt 256-variants, or reversing SHA256), you still need more than 1542657943664 years (around 300-times the age of our universe).
Also, the security improvements are usually exponential with parameter sizes -- if we move to universe-scale computers (total sci-fi), you only need to go to, say, 384-bit-equivalent security keys (easily achieved with codecrypt), and you have another gazillion years of security almost for free.
In short, bruteforcing stuff of sufficient bit security doesn't really pay off.
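The estimate above, carried through as an added Python check (this is not code from the thread and not part of codecrypt): it keeps everything in log2 so the numbers never overflow, reproduces the 2^189.6 ops/s and ~1.5 * 10^12 year figures from exaexa's own inputs, and applies the electron-count bound from the earlier reply. The 10^27 sugar cubes, 2^100 ops/s, 2^180 and 2^250 electron figures are the thread's estimates, taken as given; the "one trial costs one electron" floor is likewise the thread's assumption.

```python
import math

# Julian year in seconds (31557600); used to convert seconds to years
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figures quoted in the thread (exaexa's estimates, not measured values)
LOG2_SUGAR_CUBE_EARTH_OPS = 27 * math.log2(10) + 100   # 10^27 cubes * 2^100 ops/s each
LOG2_ELECTRONS_EARTH = 180
LOG2_ELECTRONS_OBSERVABLE_UNIVERSE = 250


def log2_ops_needed(security_bits, success_probability=0.5):
    """Log2 of the trials needed to reach the given success probability
    against a keyspace of 2**security_bits.

    Generic brute force is linear in the keyspace: after t trials the
    success probability is t / 2**bits, so t = p * 2**bits.  For p = 0.5
    that is 2**(bits - 1), which is the "50% chance" in the thread.
    """
    if not 0 < success_probability <= 1:
        raise ValueError("success probability must be in (0, 1]")
    return security_bits + math.log2(success_probability)


def years_to_brute_force(security_bits, log2_ops_per_second, success_probability=0.5):
    """Wall-clock years to reach success_probability with a machine that
    performs 2**log2_ops_per_second trials per second."""
    log2_seconds = log2_ops_needed(security_bits, success_probability) - log2_ops_per_second
    # 2**log2_seconds stays well inside float range for any realistic input
    return 2.0 ** log2_seconds / SECONDS_PER_YEAR


def electron_budget_exceeded(security_bits, log2_electrons_available, success_probability=0.5):
    """The energy argument from the thread: if each trial costs at least one
    electron, the attack needs 2**log2_ops_needed electrons.  Returns True
    when that exceeds the available budget, i.e. the attack cannot be powered."""
    return log2_ops_needed(security_bits, success_probability) > log2_electrons_available


def security_margin_report(security_bits, log2_ops_per_second=LOG2_SUGAR_CUBE_EARTH_OPS):
    """Summary dict for one security level under the thread's assumptions."""
    return {
        "bits": security_bits,
        "years_to_50pct": years_to_brute_force(security_bits, log2_ops_per_second),
        "exceeds_earth_electrons": electron_budget_exceeded(security_bits, LOG2_ELECTRONS_EARTH),
        "exceeds_universe_electrons": electron_budget_exceeded(
            security_bits, LOG2_ELECTRONS_OBSERVABLE_UNIVERSE),
    }


if __name__ == "__main__":
    print(f"sugar-cube Earth throughput: 2^{LOG2_SUGAR_CUBE_EARTH_OPS:.1f} ops/s")
    for bits in (128, 256, 384):
        r = security_margin_report(bits)
        print(f"{bits:>3}-bit: {r['years_to_50pct']:.3e} years to 50%; "
              f"needs more electrons than Earth: {r['exceeds_earth_electrons']}, "
              f"than the observable universe: {r['exceeds_universe_electrons']}")
```

Running it with the thread's rounded 2^189.6 figure gives about 1.54 * 10^12 years for 256-bit security, matching the number in the reply; the step from 256 to 384 bits multiplies that by exactly 2^128, which is the "exponential with parameter sizes" point made above.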
You are good 😃 Thank you so much for the lesson 😃
No need for you to answer, just a bit of curiosity: what do I need to do to achieve a 384-bit-equivalent security key in codecrypt?
achieve a 384-bit-equivalent security key in codecrypt
Tune up parameters of the algorithms. Like at around here: https://github.com/exaexa/codecrypt/blob/master/src/algos_enc.cpp#L416 (you need to take the bit security of ChaCha20 into account, though)
or here: https://github.com/exaexa/codecrypt/blob/master/src/algos_sig.cpp#L212
Hint: currently, going from 256 to 384 is plain waste. For asymmetric cryptography, most people and companies use and recommend 128-bit-equivalent stuff and view 256 as a brutal overkill.
Thank you!
I know codecrypt aims to provide post-quantum security.
Does this mean that codecrypt also provides security against classical computer attacks?
I mean, if I use codecrypt, is it wise to also use PGP encryption on top of codecrypt's encryption?
As a side note for the future, I'm worried that nanocomputing performance could easily break classical computer encryption (and nobody talks about it) and would also like to know if codecrypt's encryption would cater for this type of attack.