Comparison of cryptographic strength

This
table appears in NIST Special Publication 800-57 from July 2012 titled
'Recommendation for Key Management – Part 1: General(Revision 3)'.
This table is about classical security.

Symmetric |
Elliptic |
DH or RSA |

80 |
163-223 |
1024 |

112 |
224-255 |
2048 |

128 |
256-383 |
3072 |

192 |
384-511 |
7680 |

256 |
512+ |
15360 |

The classical security of curve25519 is 128 bits and matches that of a 3072 bit RSA/Diffie-Hellman public key.

Curve25519 and other classical elliptic, DH and RSA public keys can be broken using quantum computer (if they become reality in code breaking).

In quantum attack symmetric ciphers like AES and Chacha20 lose their security the following way: N bit security obtained by using N bit key becomes a security of N/2 bits. Chacha20 in EndCryptor uses 256 bit keys and so in quantum attack it has a security of 128 bits.

In a recent scientific paper it is shown that the classical and quantum security of a SIDH p751 is at least the same as AES 256 - i.e. achieving NIST's Quantum Security Strength Categories 5, the best possible level.

Consider now the task of breaking the symmetric encryption of Chacha20. This means that about 2^128 quantum operations are needed to find the secret key.

How long would one such quantum computing operation take - quite probably it requires more time than current classical encryption operation.

To put that into perspective consider the bitcoin network. It currently (on July 3, 2018) does below 50x10^18 hash operations per second (see https://www.blockchain.com/charts/hash-rate). Current encryption operations may be faster than hash operations, let's estimate that bitcoin network can do those 100 times faster i.e. at 50x10^20 operations per second. Thus the network could now break 128 bit security in

2^128/50x10^20/31536000=107 902 830 708 years.

Note: the reader can check the calculations using e.g. the Windows calculator.

Consider now bitcoin's energy consumption. This is now estimated to be between 18 TWh and 71 TWh per year (see https://digiconomist.net/bitcoin-energy-consumption).

If we take the lowest value 18 TWh/year and multiply that with the years needed we get:

107902830708 x 18 Twh=1 942 250 952 744 TWh which is the energy needed to break 128 bit security in current technology. On year 2015 world's total electricity consumption was 20 201,31 TWh (according to International Energy Agency).