LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

If an attacker has "outrageous resources" (the physical limits of our universe) AND uses TMTO, what key size is needed to stay secure?

With $k^{2/3}$ TMTO, you need about 235-bit keys. With the theoretical $k^{1/3}$ TMTO, you'd need about 480-bit keys — far beyond what's needed against brute force alone (157 bits).

The calculation for $k^{2/3}$:

  • "Outrageous resources" can handle $2^{157}$ operations (the physical limit)
  • With TMTO at $k^{2/3}$, solve: $(2^x)^{2/3} = 2^{160}$ (using 160 for simplicity)
  • $2^{2x/3} = 2^{160}$ → $x = 240$ bits
  • More precisely: $157 \times 1.5 \approx 235$ bits

The calculation for $k^{1/3}$:

  • $(2^x)^{1/3} = 2^{160}$ → $x = 480$ bits
  • Or: $157 \times 3 \approx 471$ bits

What this means in practice:

Attack Type Key Size Needed
Pure brute force ~157 bits
TMTO at $k^{2/3}$ ~235 bits
TMTO at $k^{1/3}$ ~480 bits

Bottom line: AES-256 (256-bit keys) is safe against realistic TMTO even with planet-scale resources, but would fall short against the theoretical $k^{1/3}$ bound. This is why some post-quantum proposals use even larger key sizes.

Go deeper:

From Quiz: KRYPTOG / Cryptanalysis | Updated: Jul 14, 2026