Quiz Entry - updated: 2026.07.14
If an attacker has "outrageous resources" (the physical limits of our universe) AND uses TMTO, what key size is needed to stay secure?
With $k^{2/3}$ TMTO, you need about 235-bit keys. With the theoretical $k^{1/3}$ TMTO, you'd need about 480-bit keys — far beyond what's needed against brute force alone (157 bits).
The calculation for $k^{2/3}$:
- "Outrageous resources" can handle $2^{157}$ operations (the physical limit)
- With TMTO at $k^{2/3}$, solve: $(2^x)^{2/3} = 2^{160}$ (using 160 for simplicity)
- $2^{2x/3} = 2^{160}$ → $x = 240$ bits
- More precisely: $157 \times 1.5 \approx 235$ bits
The calculation for $k^{1/3}$:
- $(2^x)^{1/3} = 2^{160}$ → $x = 480$ bits
- Or: $157 \times 3 \approx 471$ bits
What this means in practice:
| Attack Type | Key Size Needed |
|---|---|
| Pure brute force | ~157 bits |
| TMTO at $k^{2/3}$ | ~235 bits |
| TMTO at $k^{1/3}$ | ~480 bits |
Bottom line: AES-256 (256-bit keys) is safe against realistic TMTO even with planet-scale resources, but would fall short against the theoretical $k^{1/3}$ bound. This is why some post-quantum proposals use even larger key sizes.
Go deeper:
Key size (Wikipedia) — recommended key lengths against realistic adversaries.