[cryptography] philosophical question about strengths and attacks at impossible levels

Jon Callas jon at callas.org
Fri Oct 15 23:01:46 EDT 2010

On Oct 15, 2010, at 7:15 PM, James A. Donald wrote:

> On 2010-10-16 6:33 AM, Jon Callas wrote:
> > If you assume that there are Moore's-Law-Equivalent
> > increases in compute power indefinitely, then 128-bit
> > security is good until about 2050-2060, and 256-bit
> > security is good until 2150 or so. On the one hand, we know
> > that semiconductor improvements will peter out sometime.
> > Best guess now is that there's not much to be gained after
> > 2040 or so. So there's more to think that present things
> > are good enough.
> How come 2040?  Line width has been halving every four years,
> transistor density doubling every two years.
> Current line width is about 32 nanometers.
> Minimum line width is the size of a molecule, several atoms -
> probably a nanometer.
> If the limit is a nanometer, Moore's law expires in 2030.

From where I sit, that's "or so."

If you really want to be cynical, the things you're discussing, combined with dealing with heat flux and other issues, give good merit to say that Moore's Law starts petering out in 2005.

There are plenty of semiconductor folks who will say as much if you buy them a beer and swear not to quote them.

