Hacking keys for money - estimate based on the Bitcoin network

If the growth of the Bitcoin network's power continues further at the current pace, then the computing power of this network may constitute an immediate threat to the RSA-1024 cryptographic strength in a year and a half.

Cryptocurrency Bitcoin uses the selection of hashes to secure the transactions performed. This operation requires significant computational resources, but with the growth of the cryptocurrency rate and the emergence of video cards that effectively calculate the desired cryptography, significant computational resources have already been connected to the selection of hashes, which have already surpassed the power of professional supercomputers and distributed computing networks (scientific and not-so).
The work of the Bitcoin-miners network itself (those involved in the selection of hashes) does not pose a threat to cryptographic keys, but her example is a good assessment of what computing power can be collected if all participants pay money. And pay not just one big prize for finding the private key, as it was done until now, and not very big money, proportional to the contribution to the work on hacking. In addition, part of the bitcoin miners' resources can be quite quickly intercepted if a competition is announced for breaking a cryptographic key, which gives a greater income than the mining of bitcoins.

Under the cut - a small prediction of network capacity growth, estimates of the time and cost of hacking.

Power forecast

The current network power of bitcoin miners is 46 petaflops (PetaFLOP / s), with such a power, breaking one RSA key with a length of 1024 bits requires an average of 6.4 years with the most efficient algorithm (based on an estimate that for breaking one key you need an average of 10 ¹² MIPS- years or about 9.47 yottalop - 9.47 * 10 ²⁴ flop).

The graph of total capacity for the last year falls very well on the exponent with the base “growth of 2.3% per day” (on a logarithmic scale, this is a straight line). If the growth of power will go at the same pace, then:
1) By the beginning of 2012, the capacity will increase to 3.8 exaflops, an average of 28.5 days will be necessary for breaking RSA-1024,
2) By the middle of 2012, the power will be 242 exaflops, an average of 11 hours will be needed for breaking the RSA-1024,
3) By the beginning of 2013, the capacity will be 16 ztataflops, an average of 10 minutes will be needed for breaking into RSA-1024,
I remind you that we are talking about hacking one RSA-1024 key, and not about getting money to hack any key. But if it is the root certification key of any PKI infrastructure, then the entire infrastructure will be compromised - the owner of the private key (or anyone else, if the private key is published) can forge certificates in unlimited quantities.
Of course, the growth of the network may slow down or stop (geeks with video cards are finite, electricity is not free, etc.), the network may shrink or disappear altogether. But the trend has been going on for almost a year.
')

Issue price

Now the prize for one unit is 50 bitcoins (plus taxes, but they still make up bitcoin shares). Blocks per hour find about 7, i.e. The network’s work brings participants about 350 bitcoins per hour, now it’s $ 3000 at the rate of mtgox.
It is difficult to predict how much bitcoin will cost even in a month, perhaps its cost will grow in proportion to the network capacity.
However, someone can stock up on bitcoins now and use them to pay for breaking a key in a year and a half. $ 33,000 for a break in a year or $ 500 for a break in a year and a half is not a lot of money when it comes to the root certificate.

Conclusion

Hacking cryptographic keys is simplified if participants receive money for their contribution, and not just one prize.
The threat to RSA-1024 is already quite serious, it is highly desirable to abandon this length of RSA keys for certification keys for a year and for 2 years from personal keys of that length.
Actually, experts warned us a long time ago , but now the threat has become significantly more material.
However, the certification keys on the RSA-1024 are still full. For example, Gmail tells me that SSL is certified by the root certificate "VeriSign Class 3 Public Primary CA", which is valid until 2028, but it is RSA-1024.

The next step in complexity is the ECC-160 cryptographic keys, which require about 10 times more computing resources (about 10 ¹³ MIPS-years).