Now That’s Cryptographic Computing Power
It was recently discovered that more than one business were surreptitiously using computing power of visitors to their web sites to mine bitcoins. Maybe they did this as an alternative way of paying for their costs instead of using advertising. Maybe they did this for other reasons. But this should not be too surprising. The cost of electric power is the single biggest cost in solving hard cryptographic problems these days, and that is true whether you are trying to crack a key or just to mine bitcoins. And that means that there is a strong incentive to get someone else to pay for that power. But exactly how much power does it take to do cryptographic calculations?
Back in 2012, at DARPA’s “The Impending End of RSA” workshop, Dan Bernstein gave a talk in which he described how much electric power it would take to crack various RSA keys. He assumed that an attacker would spend a fairly modest amount on hardware, say just a few million dollars or so, and would then use that hardware to crack a key, with the goal being to crack a key within one year.
Dan claimed (but I have never checked his calculations) that for a 1,024-bit RSA key, it would take about the entire output of a typical power plant to do this. He also claimed that to do this with a 2,048-bit RSA, it would take roughly the amount of energy that the Earth receives from the sun in that year. He then suggested that DARPA really should have called their event “The Impending End of RSA-1,024” because the energy requirements for cracking an RSA-2,048 key makes doing it pretty much out of the question. Dan’s scenario for cracking a 1,024-bit key is right on the outer edges of plausibility. Doing it for a 2,048-bit key is really well into the realm of science-fiction.
But the idea of measuring the cost of cryptographic attacks in terms of energy instead of other factors like time or money is an interesting one. A typical power plant might put out about 1 gigawatt, which ends up being about 30 petaJoules (3 x 1016 J) over a year if it is operated at full capacity. The massive Three Gorges Dam in China has a maximum capacity of about 22.5 gigawatts, or about 675 petaJoules (6.75 x 1017 J) if it is operated at full capacity. The Itaipu Dam on the border of Brazil and Paraguay has a maximum capacity of about 14 gigawatts, or about 420 petaJoules (4.2 x 1017 J) if it is operated at full capacity, but has actually produced more electric power in a year than the larger Three Gorges Dam – 370 petaJoules versus 340 petaJoules.
Those are unwieldy numbers to deal with. Fortunately, there is a handy yardstick to use for measuring energies that are roughly that big, and that is the megaton (MT).
A megaton is how much energy a million tons of TNT releases when it explodes, and is equal to about 4 petaJoules (4 x 1015 J). The energy outputs of the Itaipu Dam and the Three Gorges Dam come to 92.5 MT and 85 MT respectively.
The very first nuclear explosion, the Trinity test, had a yield of about 20 kilotons (KT), or 0.02 MT. The W87 warhead that the American Peacekeeper missile carried 10 of had a yield of about 300 KT, or 0.3 MT. The American B83, another typical Cold War strategic nuclear weapon, had a yield of about 1.2 megatons. The biggest nuclear bomb ever, the USSR’s Tsar Bomba device, had a yield of about 50 MT. By comparison, the crack of RSA-1,024 that Dan proposed would use about 7.5 megatons of energy, or more energy than several Cold War era strategic nuclear weapons.
That is a lot of energy.
Is the amount of energy needed to mine bitcoins more than that or less than that?
It looks like bitcoin miners spend about 18 terawatt-hours of energy, or about 65 petaJoules (6.5 x 1016 J), per year mining bitcoins. That is roughly the energy from two power plants. Or it is roughly enough energy to crack two RSA-1,024 keys. Or it is about 16 megatons of energy. Or it is about the energy released by the nuclear weapons from five Peackeeper missiles. Or it is about the energy of a couple of young programmers at Silicon Valley start-ups.
No matter how you measure it, that is still a lot of energy.
About the Author
Luther Martin, Micro Focus Distinguished Technologist, is a frequent contributor to articles and blogs. Recent articles include The Security of Cryptography and the Wisdom of Crowds, in the ISSA Journal, The dangers of implementing blockchain technology in Information Age, as well as Are you accidentally paying for BitCoins? and The Real Value of Bitcoin in the voltage.com blog.