Abstract
An open question about the asymptotic cost of connecting many processors to a large memory using three dimensions for wiring is answered, and this result is used to find the full cost of several cryptanalytic attacks. In many cases this full cost is higher than the accepted complexity of a given algorithm based on the number of processor steps. The full costs of several cryptanalytic attacks are determined, including Shanks' method for computing discrete logarithms in cyclic groups of prime order n, which requires n 1/2+o(1) processor steps, but, when all factors are taken into account, has full cost n2/3+o(1). Other attacks analyzed are factoring with the number field sieve, generic attacks on block ciphers, attacks on double and triple encryption, and finding hash collisions. In many cases parallel collision search gives a significant asymptotic advantage over well-known generic attacks.
Author supplied keywords
Cite
CITATION STYLE
Wiener, M. J. (2004). The full cost of cryptanalytic attacks. Journal of Cryptology, 17(2), 105–124. https://doi.org/10.1007/s00145-003-0213-5
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
