From: wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)
Date: Thu, 17 Jun 93 19:40:40 PDT
To: cypherpunks@toad.com
Subject: Re: fast des
Message-ID: <9306180042.AA03435@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


Steve Bellovin refers to Hans Eberle's paper on a GAs-based 1Gb/s DES chip,
which is available on gatekeeper.dec.com under the SRC directory.
The search time of 16 days for $1M, aka 1 day for $30M (incl. support chips),
is fairly similar to Peter Wayner's Content-Addressible-Memory approach,
which would cost an estimated $30M for a 1 day search.
(Average search time is about half as long as exhaustive searches.)

To put this in a cost-per-solution context, if you amortize over 5 years,
that's about 4000 solutions, so that's a bit under $10K per solution.
It's more expensive than David Sternlight's $25/solution guess,
but it's interestingly small - certainly worthwhile for occasional 
national security applications, or robbing electronic funds transfer networks,
(at least for the $1M slower version), and it's in the ballpark of the 
rental rate for Congressmen :-)  (the Abscam folks paid $50K to Senator 
Harrison Williams for some light work...)

Since Skipjack uses an 80-bit key, the NSA or other rich organizations with
access to it ought to be able to get similar performance in 24-48 years,
assuming speed doubling continues at its 1-2 year rate.  We'd be better
off with something with a longer key, such as triple-DES.
	
				Bill Stewart