4M is a steal for a WebPKI CA private key. On Thu, Apr 9, 2026 at 2:13 PM Peter Gutmann <pgut001= [email protected]> wrote:
> Muhammad Usama Sardar <[email protected]> writes: > > >I am asking because to my knowledge, the formal (vs. cryptographic/ > >computational) analyses consider that all ECC keys are leaked on the > advent > >of CRQC and essentially model it as a switch to leak all ECC keys > > All ECC keys are leaked *eventually*. Like, by the heat death of the > universe. Virtually no-one ever gives any estimate of the time and effort > involved in recovering a key via physics experiment because doing so makes > things look kinda bad. One of the few figures we have is from the German > BSI > which estimates 100 days and EUR 4M in electricity to recover a single > 2048- > bit key on an imagined physics experiment. So a single quantum physics > experiment can recover just over three keys a year at a cost of over EUR > 12M. > > In 2017, 7 trillion keys were negotiated for web traffic alone (it's > probably > a lot higher now). So that leaves 6,999,999,999,997 keys unrecoverable, > and > that's ignoring the fact that the estimate was for the IFP, which is > irrelevant, not the DLP, which is the one of interest for IPsec, TLS, SSH, > WireGuard, etc. > > Peter. > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
