yego.me
yego.me
💡 Stop wasting time. Read Youtube instead of watch. Download Chrome Extension

How secure is 256 bit security?

3m read
·Nov 8, 2024

In the main video on cryptocurrencies, I made two references to situations where in order to break a given piece of security, you would have to guess a specific string of 256 bits. One of these was in the context of digital signatures, and the other in the context of a cryptographic hash function.

For example, if you want to find a message whose SHA-256 hash is some specific string of 256 bits, you have no better method than to just guess and check random messages. This would require, on average, 2 to the 256 guesses. This is a number so far removed from anything we ever deal with that it can be hard to appreciate its size, but let's give it a try.

Two to the 256 is the same as 2 to the 32 multiplied by itself 8 times. What's nice about that split is that 2 to the 32 is 4 billion, which is at least a number we can think about. All we need to do is appreciate what multiplying 4 billion times itself 8 successive times really feels like.

As many of you know, the GPU on your computer can let you run a bunch of computations in parallel incredibly quickly. If you were to specially program a GPU to run a cryptographic hash function over and over, a really good one might be able to do a little less than a billion hashes per second.

Let's say you just take a bunch of those and cram your computer full of extra GPUs so that your computer can run 4 billion hashes per second. So the first 4 billion here is going to represent the number of hashes per second per computer. Now, picture 4 billion of these GPU-packed computers.

For comparison, even though Google does not at all make their number of servers public, estimates have it somewhere in the single-digit millions. In reality, most of those servers are going to be much less powerful than our imagined GPU-packed machine. But let's say that Google replaced all of its millions of servers with a machine like this, then 4 billion machines would mean about 1,000 copies of this souped-up Google.

Let's call that 1 kilo-Google worth of computing power. There's about 7.3 billion people on Earth. So next, imagine giving a little over half of every individual on Earth their own personal kilo-Google. Now, imagine 4 billion copies of this Earth.

For comparison, the Milky Way has somewhere between 100 and 400 billion stars. We don't really know, but the estimates tend to be in that range. This would be akin to a full 1% of every star in the galaxy having a copy of Earth where half the people on Earth have their own personal kilo-Google.

Next, try to imagine 4 billion copies of the Milky Way. And we're going to call this your giga-galactic supercomputer, running about 2 to the 160 guesses every second. Now, 4 billion seconds, that's about 126.8 years.

Four billion of those, well that's 507 billion years, which is about 37 times the age of the universe. So even if you were to have your GPU-packed kilo-Google-per-person multiplanetary giga-galactic computer guessing numbers for 37 times the age of the universe, it would still only have a 1 in 4 billion chance of finding the correct guess.

By the way, the state of Bitcoin hashing these days is that all of the miners put together guess and check at a rate of about 5 billion billion hashes per second. That corresponds to one third of what I just described as a kilo-Google. This is not because there are billions of GPU-packed machines out there, but because miners actually use something that's about 1000 times better than a GPU, application-specific integrated circuits.

These are pieces of hardware specifically designed for Bitcoin mining, for running a bunch of SHA-256 hashes, and nothing else. Turns out, there's a lot of efficiency gains to be had when you throw out the need for general computation and design your integrated circuits for one and only one task.

Also, on the topic of large powers of two that I personally find it hard to get my mind around, this channel recently surpassed 2 to the 18th subscribers. And to engage a little more with some sub-portion of those 2 to the 18 people, I'm going to do a Q&A session.

I've left a link in the description to a Reddit thread where you can post questions and upvote the ones you want to hear answers to. And probably in the next video or on Twitter or something like that I'll announce the format in which I'd like to give answers. See you then!

Lecture 16 - How to Run a User Interview (Emmett Shear)
What can I do to protect my account?

More Articles

View All
14 minutes of more useless information..
[Music] As I was getting ready to go out the other day, I realized I couldn’t button my pants up all the way. I realized I was gravitationally challenged and that I had been growing in all the wrong directions. So I started doing what any reasonable perso…
Paycheck Squabble | Wicked Tuna
What do you think of a nice tuna check when we go in? Oh right, one out. All right. I think we were fishing every day, really. Hmm, so far in this trip, we’ve already lost two paychecks. And to top it off, I still haven’t been paid for the first three fi…
Subtracting with integer chips | Integers: Addition and subtraction | 7th grade | Khan Academy
Let’s say that we want to figure out what negative 8 minus negative 2 is. Now, there’s a lot of ways to approach this, but what we’re going to focus on in this video is to really build the intuition, and we’re going to do that with something called number…
Are There Lost Alien Civilizations in Our Past?
When we think about alien civilizations, we tend to look into the vastness of space, to far away planets. But there is another incredibly vast dimension that we might be giving too little thought to: time. Could it be that, over the last hundreds of milli…
BONUS VIDEO | Origin of the Mutant Plural | Grammar | Khan Academy
Hello grammarians! I wanted to talk to you again about mutant plurals. So, to review, a mutant plural is… there are only seven of them in English, and they all change sound when they pluralize. You don’t add an “s,” you don’t add an “en,” you don’t change…
It’s Over: China Just Broke The US Dollar
What’s up guys, it’s Graham here. So it’s official: China and Brazil have just struck a deal to ditch the US dollar. Whoops! Okay, before everyone freaks out, don’t worry, it’s a fake build for dramatic effect, but the point still remains. The world’s sec…