Re: On what the NSA does with its tech
MV writes:
Yes. They can't break a 128 bit key. That's obvious. ("if all the atoms in the universe were computers..." goes the argument).
Not necessarily, if nanotechnology works. 128 bits is big but not that big. Eric Drexler, in Nanosystems, section 12.9, predicts that a nanotech based CPU fitting in a 400 nm cube could run at 1000 MIPS and consume 60 nanowatts, performing 10^16 instructions per second per watt. Let's design a system to break a 128 bit cipher. Let's suppose it has to do 2^10 instructions per test, so this is 2^138 instructions total, or about 10^41. Let's let it run for four months, which is 10^7 seconds, so our necessary processing rate is 10^34 instructions per second. This means we need 10^34 IPS / 1000 MIPS or 10^25 of Drexler's gigahertz cubes, call it 10^25 cubic microns or 10^7 cubic meters, a cube about 220 meters on a side. The system will consume 10^25 * 60 nanowatts or about 6 * 10^17 watts. Now, that's a lot. It's four times what the earth receives from the sun. So we have to build a disk four times the area (not volume) of the earth, collect that power and funnel it to our computers. Probably we would scatter the computers throughout the disk, which would be mostly composed of solar collectors. (Keeping the disk gravitationally stable is left as an exercise for the student, as is the tradeoff involved in making it smaller but moving it closer to the sun.) Fortunately, exhaustive key search is perfectly parallelizable so there is no need for complex communications or synchronizations between the processors. As you can see, breaking 128 bit keys is certainly not a task which is so impossible that it would fail even if every atom were a computer. If we really needed to do it, it's not outside the realm of possibility that it could be accomplished within 50 years, using nanotech and robotics to move and reassemble asteroids into the necessary disk. Now, 256 bit keys really are impossible, unless the whole contraption above can be made to operate as an enormous, unified quantum computer, in which case it could theoretically break even 256 bit keys. 512 bit keys... now those really are impossible. Hal
On Wed, Aug 04, 2004 at 11:04:15AM -0700, "Hal Finney" wrote: [...]
The system will consume 10^25 * 60 nanowatts or about 6 * 10^17 watts. Now, that's a lot. It's four times what the earth receives from the sun. So we have to build a disk four times the area (not volume) of the earth, collect that power and funnel it to our computers. Probably we would scatter the computers throughout the disk, which would be mostly composed of solar collectors. (Keeping the disk gravitationally stable is left as an exercise for the student, as is the tradeoff involved in making it smaller but moving it closer to the sun.)
If I did my unit conversions right, such a disk would be over 30,000 miles in diameter. So we'll probably get some advance notice - "Hey, what's that big-ass thing orbiting around the Moon?" -Jack
The planet sized processor stuff reminds me of Charlie Stross' sci-fi short story "Scratch Monkey" which features nanotech, planet sized processors which colonize space and build more planet-sized processors. The application is upload, real-time memory backup, and afterlife in DreamTime (distributed simulation environment), and an option of reincarnation. http://www.antipope.org/charlie/fiction/monkey/ Adam On Wed, Aug 04, 2004 at 04:44:58PM -0400, Jack Lloyd wrote:
On Wed, Aug 04, 2004 at 11:04:15AM -0700, "Hal Finney" wrote:
[...]
The system will consume 10^25 * 60 nanowatts or about 6 * 10^17 watts. Now, that's a lot. It's four times what the earth receives from the sun. So we have to build a disk four times the area (not volume) of the earth, collect that power and funnel it to our computers. Probably we would scatter the computers throughout the disk, which would be mostly composed of solar collectors. (Keeping the disk gravitationally stable is left as an exercise for the student, as is the tradeoff involved in making it smaller but moving it closer to the sun.)
If I did my unit conversions right, such a disk would be over 30,000 miles in diameter. So we'll probably get some advance notice - "Hey, what's that big-ass thing orbiting around the Moon?"
-Jack
On Wed, Aug 04, 2004 at 04:44:58PM -0400, Jack Lloyd wrote:
If I did my unit conversions right, such a disk would be over 30,000 miles in
Drexler's estimate for computers are coservative (purely mechanical rod logic). SWNT-based reversible logic (in spintronics? even utilizing nontrivial amounts of entangled electron spins in solid state qubits for specific codes?) could do a lot better. So today's secrets perhaps won't be in a few decades. What else is new? Rather, who's passphrase has 128 bits of pure entropy? Certainly not mine. So the weakest link is elsewhere.
diameter. So we'll probably get some advance notice - "Hey, what's that big-ass thing orbiting around the Moon?"
By that time the question is rather "do you think that's air you're breathing?" Check out some of the stuff on http://moleculardevices.org/ you might get a surprise. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]
On Wed, 4 Aug 2004, Hal Finney wrote:
As you can see, breaking 128 bit keys is certainly not a task which is so impossible that it would fail even if every atom were a computer. If we really needed to do it, it's not outside the realm of possibility that it could be accomplished within 50 years, using nanotech and robotics to move and reassemble asteroids into the necessary disk.
There are easier targets than the symmetric cipher algorithm itself. You may aim at RSA, try to break through the factorization problem, or find another weakness in it. Same for other algorithms of this class. You may aim at the passphrase, as several other people suggested. You may use nanotech to compromise the hardware, and/or to intercept the data. This includes "eating and duplicating" chips, including key storage tokens; just go layer after layer and rebuild it (or create its "virtual" image) including the levels of electric charge in the memory cells. How to design a token that would be resistant to nanoprobes? (Perhaps by equipping it with an "immune system" of nanoprobes of its own?) Quantum computers may be the way to break factoring-related algorithms. Nanotechnology can bring many ways for physical compromising of the targets and their vicinity (the "fly on the wall" attack). The impracticability of breaking symmetric ciphers is only a comparatively small part of the overall problem.
On Wed, Aug 04, 2004 at 06:16:14PM -0400, Adam Back wrote:
The planet sized processor stuff reminds me of Charlie Stross' sci-fi short story "Scratch Monkey" which features nanotech, planet sized
Not a coincidence, as he's been mining diverse transhumanist/extropian communities for raw bits. Kudos to his work, very nicely done.
processors which colonize space and build more planet-sized processors. The application is upload, real-time memory backup, and afterlife in DreamTime (distributed simulation environment), and an option of reincarnation.
http://www.aleph.se/Trans/ is a bit dated, but is still a very good resource. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]
participants (5)
-
Adam Back -
Eugen Leitl -
hal@finney.org -
Jack Lloyd -
Thomas Shaddack