How long would it take to “break” the AES-256 encryption that’s used in Helen's Plan? The only known practical attack on AES-256, when used in the way that Helen's Plan does, is called a “brute force attack” – also known as “exhaustive search” because it requires the attacker to try every possible combination of encryption key until the right key is guessed and the data is unlocked. (If you don’t quite understand the concept of brute force, imagine a phone with a 4-digit passcode. There are 10,000 possible passcodes, from 0000 to 9999. A brute-force attack would be to try every passcode until you reach the correct answer. On average, you’ll need to try half the possible passcodes before you guess the right answer.)
We’ll make some very simple and conservative assumptions, and estimate how long it would take to break Helen's Plan’s encryption if an attacker had different types of computers breaking it:
These are only estimates, because the overriding message that the time it would take to break AES-256 is many many times longer than the age of the universe.
We also make some simplifications, such as assuming that it takes no extra time to verify the decrypted data. That means the figures we give are “worst case” scenarios – for example, if we say it’ll take 1 year to brute-force something, it’ll likely take longer in real life.
So let’s start calculating!
We benchmarked a top-of-the-line, high performance 2015 MacBook Pro with Intel Core i7. It could decrypt using AES-256 GCM at around 120MB/sec on a single core. (While we know that speeds can vary between computers and implementations of encryption, this average benchmark speed will suffice for this analysis.)
For ease of calculation, let’s round up the figure to the nearest power of two: 128MiB/sec per core.
On a 4 core machine with hyperthreading (8 concurrent threads), that equates to 1024MiB/sec, or 230 bytes per second. (Again, we know that it’s likely to be slower because Turbo Boost increases the clock speed when only one core is used, so clock speeds should drop multiple cores are used and thus simply multiplying throughput by the number of threads will overestimate the throughput. But we are being conservative here.)
AES uses a 16 byte block size (24), so on average, a single high performance PC can encrypt 2(30-4) = 226 blocks per second.
That means it can also try 226 different encryption keys per second. The number of seconds in a year is 60 * 60 * 24 * 365.25 = 31,557,600. So the number of keys that a high-end PC can search in one year is 31,557,600 * 226, or 2,117,794,686,566,400. That’s 2,117.8 trillion keys, which sounds like a lot!
On average, to brute-force attack AES-256, one would need to try 2255 keys. (This is the total size of the key space divided by 2, because on average, you’ll find the answer after searching half the key space.) So the time taken to perform this attack, measured in years, is simply 2255 / 2,117.8 trillion. Expressed as an exponent of 10, that’s 2.73 * 1061.
Written in full format:
27, 337, 893, 038, 406, 611, 194, 430, 009, 974, 922, 940, 323, 611, 067, 429, 756, 962, 487, 493, 203 years.
In English: 27 trillion trillion trillion trillion trillion years.
In contrast, the universe has only existed for 15 billion years, which is:
This demonstrates it’s not possible for a single PC to brute-force crack AES-256 encryption within the lifetime of a person, let alone the lifetime of the universe.
So if your home PC can’t brute force AES256, what about the world’s fastest supercomputer?
At the time of writing, the world’s fastest supercomputer, Sunway TaihuLight, can perform at 93 PetaFLOPS. In contrast, the Intel i7 does around 100 GigaFLOPS. This means that the world’s fastest supercomputer is roughly 1 million times faster than a high-end PC when measured in FLOPS. Given that 93 PetaFLOPS (supercomputer) is nearly 1 million times 100 GigaFLOPS (desktop PC), let’s assume that this supercomputer can crack AES encryption 1 million times faster than a high-end PC. Therefore, on average to crack AES-256, it would take
27, 337, 893, 038, 406, 611, 194, 430, 009, 974, 922, 940, 323, 611, 067, 429, 756, 962, 487 years.
That’s 27,337,893 trillion trillion trillion trillion years – still impossible.
Now let’s look at an unrealistic scenario – what if we could somehow put every PC on earth to work, trying to crack your data that was encrypted using Helen's Plan. It’s estimated that there are currently 2 billion PCs on earth, of varying ages and computing power. Let’s assume that each of those 2 billion are as fast as our 2015 MacBook Pro. (Of course in reality most computers will be slower and some will be faster, but we’re talking averages here.) The average time taken for all PCs on earth, working together, to brute force crack AES-256 is:
13, 668, 946, 519, 203, 305, 597, 215, 004, 987, 461, 470, 161, 805, 533, 714, 878, 481 years
Still impossible. But to write that as a number, it’s: 13,689 trillion trillion trillion trillion years.
It should be obvious that why AES-256 is regarded as the gold standard in encryption. So here’s a quick summary:
|Computing power||Average time to crack using exhaustive search|
|High-end PC||27, 337, 893, 038, 406, 611, 194, 430, 009, 974, 922, 940, 323, 611, 067, 429, 756, 962, 487, 493, 203 years|
27 trillion trillion trillion trillion trillion years
|Fastest supercomputer||27, 337, 893, 038, 406, 611, 194, 430, 009, 974, 922, 940, 323, 611, 067, 429, 756, 962, 487 years|
27,337,893 trillion trillion trillion trillion years
|2 billion high-end PCs||13, 668, 946, 519, 203, 305, 597, 215, 004, 987, 461, 470, 161, 805, 533, 714, 878, 481 years|
13,689 trillion trillion trillion trillion years
|Age of the universe||15,000,000,000 years.|
15 billion years
There’s simply no way, with today’s technology, that AES-256 can be brute-force attacked.