Comparison of cryptographic strength

This
table appears in NIST Special Publication 800-57 from July 2012 titled
'Recommendation for Key Management – Part 1: General(Revision 3)'.
This table is about classical security.

Symmetric |
Elliptic |
DH or RSA |

80 |
163-223 |
1024 |

112 |
224-255 |
2048 |

128 |
256-383 |
3072 |

192 |
384-511 |
7680 |

256 |
512+ |
15360 |

The classical security of curve25519 is 128 bits and matches that of a 3072 bit RSA/Diffie-Hellman public key.

Curve25519 and other classical elliptic, DH and RSA public keys can be broken using quantum computer (if they become reality in code breaking).

The classical security of a SIDH key is 192 bits. In scientific papers authors of SIDH (p751) construction state that its quantum security is roughly 128 bits, in NIST’s Post-Quantum Cryptography project they classify it as "matching the post-quantum security of AES192" - this refers to NIST's Quantum Security Strength Categories III.

Security of 128 bits means that about 2^128 operations are needed to find the secret key.

How long would one such quantum computing operation take - quite probably it requires more time than current classical encryption operation.

To put that into perspective consider the bitcoin network. It currently (on July 3, 2018) does below 50x10^18 hash operations per second (see https://www.blockchain.com/charts/hash-rate). Current encryption operations may be faster than hash operations, let's estimate that bitcoin network can do those 100 times faster i.e. at 50x10^20 operations per second. Thus the network could now break 128 bit security in

2^128/50x10^20/31536000=107 902 830 708 years.

Note: the reader can check the calculations using e.g. the Windows calculator.

Consider now bitcoin's energy consumption. This is now estimated to be between 18 TWh and 71 TWh per year (see https://digiconomist.net/bitcoin-energy-consumption).

If we take the lowest value 18 TWh/year and multiply that with the years needed we get:

107902830708 x 18 Twh=1 942 250 952 744 TWh which is the energy needed to break 128 bit security in current technology. On year 2015 world's total electricity consumption was 20 201,31 TWh (according to International Energy Agency).