Perception of Exponents

March, 2026

Exponents

Exponents are very counterintuitive, they get very big very fast. I find it helpful to always keep this number in mind: the number of atoms in the observable universe is about 2³⁰⁰, actually about 2²⁶⁶ more precisely. So with 256 bits one can count 1/1000-th of the atoms in the Universe. Therefore a brute-force search for a 256-bits key would have to “look under” each 1000-th atom in the universe… that “actually feels” like a safe margin!

I also find it very helpful to know how much hashing the Bitcoin network is currently doing per second, that’s about 2⁷⁰ (and thus 2⁹⁵ per year). Then it makes sense, why 80-bits keys are no longer considered adequate.

Here are some more helpful numbers along these lines:

2²⁵ seconds in a year;
2³⁴ hashes/second modern GPU (GeForce RTX 4090 - $2,000)
2⁵⁰ hashes/second industrial-grade miner (Bitmain Antminer S23 Hyd 3U - $30,000 + $5,000/year for electricity)
2⁵⁹ the age of the universe in seconds
2⁷⁰ hashes/second Bitcoin network
2⁷³ number of stars in the Universe
2⁸⁰ steps to attack considered feasible
2⁹⁵ hashes/year Bitcoin network
2¹²⁸ steps to attack is about the lifetime of the universe for bitcoin hashpower if one step is one hash
2²⁵⁶ steps an attacker would not be able to do ever
2²⁶⁶ atoms in the observable universe
2⁴⁰³ the number of ops the universe has made in its lifetime, if one atom is one compute device doing one op at a speed the light traverses its diameter (1 fm) (see the paper of Lloyd from 2001 for a more accurate assessment).

It is only meaninful to think about an exponential-time algorithm, O(2ⁿ), for inputs of small length n < 300. For larger n it becomes kind of meaninless. Same is true for a polynomial-time algorithm, if the runtime is O(n³⁰⁰) it samewise infeasible.

I was once in a group of students helping Don Knuth to clean-up a small local library in the Stanford’s CS department. At the time he was working on SAT solvers for Volume 4 of his The Art of Computer Programming book series. When we were done, I asked him: “What’s your intuition now, do you think P = NP or not?” And his answer was most remarkable. He said he feels P = NP, but the degree of the polynomial would be so large, that it is not tractable in any practical sense. Indeed, if it takes O(n³⁰⁰) time to solve an NP-complete problem, it is well above feasible. So cryptographers would still stay in business ;)

DISCLAIMER: Opinions expressed here are my own and may change without notice. The content on this blog is for informational purposes only and should not be considered technical, legal, or investment advice. While I strive for accuracy, I cannot guarantee that all information is correct or complete, and I am not responsible for any errors or how the content is used. Readers should consult their own advisers regarding any technical, legal, or other professional matters.