Using the Cloud to Determine Key Strengths - Triennial Update

We develop a new methodology to assess cryptographic key strength using cloud computing, by calculating the true economic cost of (symmetricor private-) key retrieval for the most common cryptographic primitives. Although the present paper gives the current year (2018), 2015, 2012 and 2011 costs, more importantly it provides the tools and infrastructure to derive new data points at any time in the future, while allowing for improvements such as of new algorithmic approaches. Over time the resulting data points will provide valuable insight in the selection of cryptographic key sizes. For instance, we observe that the past clear cost-advantage of total cost of ownership compared to cloud-computing seems to be evaporating.

[1]  Mitsuru Matsui,et al.  On the Power of Bitslice Implementation on Intel Core2 Processor , 2007, CHES.

[2]  Alex Biryukov,et al.  Distinguisher and Related-Key Attack on the Full AES-256 , 2009, CRYPTO.

[3]  Don Coppersmith Modifications to the Number Field Sieve , 2004, Journal of Cryptology.

[4]  Marc Stevens,et al.  Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate , 2009, CRYPTO.

[5]  Jean-Didier Legat,et al.  Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs , 2003, CHES.

[6]  Arjen K. Lenstra,et al.  Factoring by Electronic Mail , 1990, EUROCRYPT.

[7]  Shay Gueron,et al.  Intel's New AES Instructions for Enhanced Performance and Security , 2009, FSE.

[8]  Tim Güneysu,et al.  Cryptanalysis with COPACOBANA , 2008, IEEE Transactions on Computers.

[9]  Carl Pomerance,et al.  The Development of the Number Field Sieve , 1994 .

[10]  John Gilmore,et al.  Cracking DES - secrets of encryption research, wiretap politics and chip design: how federal agencies subvert privacy , 1998 .

[11]  Jean-Didier Legat,et al.  Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES , 2003, FPL.

[12]  Dengguo Feng,et al.  Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..

[13]  Robert D. Silverman,et al.  Parallel implementation of the quadratic sieve , 1988, The Journal of Supercomputing.

[14]  Arjen K. Lenstra,et al.  A heterogeneous computing environment to solve the 768-bit RSA challenge , 2010, Cluster Computing.

[15]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Public Key Cryptography.

[16]  Arjen K. Lenstra,et al.  Unbelievable Security. Matching AES Security Using Public Key Systems , 2001, ASIACRYPT.

[17]  Christof Paar,et al.  SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers , 2005, CHES.

[18]  Arjen K. Lenstra,et al.  Computation of a 768-Bit Prime Field Discrete Logarithm , 2017, EUROCRYPT.

[19]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[20]  Adi Shamir Factoring Large Numbers with the Twinkle Device (Extended Abstract) , 1999, CHES.

[21]  Eran Tromer,et al.  Factoring large numbers with the TWIRL device , 2003 .

[22]  G. Kalai The Quantum Computer Puzzle , 2016, 1605.00992.

[23]  Jean-Jacques Quisquater,et al.  Time-memory tradeoffs , 2005, Encyclopedia of Cryptography and Security.

[24]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[25]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[26]  Arjen K. Lenstra,et al.  Factorization of a 768-Bit RSA Modulus , 2010, CRYPTO.

[27]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[28]  Paul C. van Oorschot,et al.  Parallel Collision Search with Cryptanalytic Applications , 2013, Journal of Cryptology.