
The whole reason the USG rescued Cray in the late-1990s/early-2000s was to ensure the continued availability of large memory image vector supercomputers. Part of this may have been due to it being less costly than converting their processing systems from vector codes and algorithms to massively parallel distributed processing ones. At that time the cluster interconnects were much, much slower in terms of both bandwidth and latency than they are today. Solving very large sparse matrices would have been tougher on an MPP system than on a vector one. You can read about some of this history in Bamford's "Shadow Factory."

There have been a number of very cost effective hardware approaches proposed for significant acceleration of both the sieving and linear algebra components of the NFS. Many of these proposals could successfully and cost effectively attack a 1024-bit number in the 2003/2004 era. The process at that time was around 130-nm. Today's process would have features at the 32-nm or 22-nm size. Today there has been a 100-fold increase in performance since 2003. (See http://tau.ac.il/~tromer/cryptodev/ for an overview.)

Combine this specialized hardware with an algorithmic improvement that gets to O(log n) or O(n log n)....

AES appears fine. The NSA and USG in general made a very strong effort in the 2000s to move all civilian command and control systems for satellites to AES-256 with TRANSEC capabilities. A brute force attack on AES-256 with a quantum computer should be on the order of 2^128 operations with currently known QC factoring algorithms. AES-128 looks weak at 2^64.

If the NSA can break something, they need to assume that their primary opponents can do so or will do so soon. China specifically comes to mind here. They cannot release cryptography suites with known vulnerabilities. It is widely thought that it is more important to secure one's own signals before intercepting and decrypting one's enemies'.

I think everything on the internet needs to be moved to Suite B protocols with forward secrecy enabled. AES-GCM overcomes all the known attacks (i.e. CRIME) against AES-CBC and AES-CTR.

I get the impression that the NSA is eight to ten years ahead of the public domain cryptographers in some areas. I think this gap is shrinking slowly. However, I have also heard that the NSA is preventing publication of some papers developed in the public domain due to national security reasons.
