
Hacking keys for money - an assessment based on the Bitcoin network

The Bitcoin cryptocurrency secures transactions by brute-force hash search. This operation requires significant computing resources, but as the exchange rate has risen and graphics cards that compute the required cryptography efficiently have appeared, the computing power devoted to hash search has come to exceed that of professional supercomputers and distributed computing networks (scientific and otherwise).
The work of the bitcoin miner network (those who search for hashes) does not in itself threaten cryptographic keys, but it is a good estimate of how much computing power can be assembled if every participant is paid. Moreover, the payment is not one big prize for finding a private key, as has been done until now, but modest sums proportional to each participant's contribution to the cracking effort. In addition, part of the miners' resources could be quickly diverted if a key-cracking contest were announced that paid more than mining bitcoins.
Below the cut: a short forecast of the network's capacity growth and estimates of the time and cost of cracking a key.
Power forecast
The current capacity of the bitcoin miner network is 46 petaflops (PetaFLOP/s). At that capacity, breaking one 1024-bit RSA key with the most efficient algorithm takes 6.4 years on average (based on the estimate that cracking one key takes on average 10^12 MIPS-years, or about 9.47 yottaflops, i.e. 9.47 × 10^24 flops). The graph of total capacity over the last year fits an exponential with growth of 2.3% per day very well (on a logarithmic scale it is a straight line). If capacity keeps growing at the same pace, then:

1) By the beginning of 2012 the capacity will reach 3.8 exaflops, and cracking RSA-1024 will take 28.5 days on average,
2) By mid-2012 the capacity will be 242 exaflops, and cracking RSA-1024 will take 11 hours on average,
3) By the beginning of 2013 the capacity will be 16 zettaflops, and cracking RSA-1024 will take 10 minutes on average.

Keep in mind that this is about cracking one RSA-1024 key, not about obtaining a means to crack any key. But if that key is the root certification key of a PKI, the entire infrastructure is compromised: the holder of the private key (or anyone at all, if the private key is published) can forge certificates in unlimited numbers.
Of course, the network's growth may slow or stop (the number of geeks with graphics cards is finite, electricity is not free, etc.), and the network may shrink or disappear altogether. But the trend has held for almost a year.
The price tag
The reward for one block is currently 50 bitcoins (plus transaction fees, but so far those amount to only fractions of a bitcoin). About 7 blocks are found per hour, i.e. the network brings its participants about 350 bitcoins per hour, which is currently $3000 at the Mt. Gox exchange rate.
It is hard to predict what Bitcoin will be worth even a month from now; perhaps its value will grow in proportion to the network capacity.
However, someone could stock up on bitcoins now and use them to pay for a key crack in a year or a year and a half. $33,000 for a crack in a year or $500 for a crack in a year and a half is not much money when a root certificate is at stake.
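The forecast and the price figures above can be reproduced from the article's own numbers. The Python sketch below is an added example, not the author's code: the function names are hypothetical, the cost model assumes the whole network is paid its current $3000 per hour for the duration of the crack (which matches the $33,000 and $500 figures), and crack_days_while_growing goes beyond the article by letting capacity keep growing during the computation.

```python
import math

# Figures taken from the article.
WORK_FLOP = 9.47e24      # operations needed to break one RSA-1024 key
CAPACITY_NOW = 46e15     # current network capacity, flop/s
DAILY_GROWTH = 1.023     # capacity grows 2.3% per day
USD_PER_HOUR = 3000      # what the whole network earns per hour today

def capacity_after(days):
    """Projected capacity (flop/s) after `days` of sustained growth."""
    return CAPACITY_NOW * DAILY_GROWTH ** days

def days_until(capacity):
    """Days of sustained growth needed to reach `capacity` flop/s."""
    return math.log(capacity / CAPACITY_NOW) / math.log(DAILY_GROWTH)

def crack_seconds(capacity):
    """Time to perform WORK_FLOP operations at a fixed capacity."""
    return WORK_FLOP / capacity

def outbid_cost_usd(capacity):
    """Assumption: the network is paid its current hourly income throughout."""
    return crack_seconds(capacity) / 3600 * USD_PER_HOUR

def crack_days_while_growing(start_day=0.0):
    """Days to finish if capacity keeps growing during the computation.

    Solves  integral from s to s+T of C0 * g**t dt = W  for T (t in days).
    """
    ln_g = math.log(DAILY_GROWTH)
    flop_per_day = capacity_after(start_day) * 86400
    return math.log(1 + WORK_FLOP * ln_g / flop_per_day) / ln_g

def forecast(capacities=(46e15, 3.8e18, 242e18, 16e21)):
    """Rows of (capacity, days from now, crack time in hours, cost in USD)."""
    return [(c, days_until(c), crack_seconds(c) / 3600, outbid_cost_usd(c))
            for c in capacities]

if __name__ == "__main__":
    for c, d, h, usd in forecast():
        print(f"{c:9.3g} flop/s  in {d:4.0f} days  {h:9.1f} h  ${usd:,.0f}")
    print(f"started today, network still growing: "
          f"{crack_days_while_growing():.0f} days")
```

On these figures, a crack started today on a network that keeps growing at 2.3% per day finishes in about 176 days rather than 6.4 years.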
Conclusion
Cracking cryptographic keys becomes easier when participants are paid for their contribution rather than competing for a single prize.
The threat to RSA-1024 is already quite serious: it is highly desirable to abandon RSA keys of this length for certification keys within a year, and for private keys within 2 years.
Experts have in fact been warning us for a long time, but now the threat has become much more tangible.
However, RSA-1024 certification keys are still everywhere. For example, Gmail tells me that its SSL is authenticated with the VeriSign Class 3 Public Primary CA root certificate, which is valid until 2028 but is RSA-1024.
The next step up in difficulty is ECC-160 keys, which require about 10 times more computing resources (about 10^13 MIPS-years).