|
|
|
|
|
|
by dependenttypes
2126 days ago
|
|
|
> which is kind of on margin even classically Is it though? It requires around 2^128 operations to be broken. It does not seem very marginal to me. It is not like AES where you have to deal with batch-attacks or cryptographic hash functions where collisions for a n-length output require only sqrt(2^n) attempts. |
|
|
That 128 bits is theoretical upper bound, not necessarily an achievable security rate. That’s the point of margin.