This Week In Cyber: April 19, 1965
The Power Of Doubling with Moore’s Law
There is a story, perhaps apocryphal, that an Emperor was so impressed with the invention of the game of Chess that he was willing to pay the inventor any reward he demanded. The inventor had a request that amused the Emperor because it was seemingly so meager in comparison with his invention. The inventor asked for one grain of rice for the first Chess board square, two grains of rice for the next square, four for the next, eight for next, and so forth until the number of grains were doubled for the entire 64-square Chess board. The Emperor agreed, not realizing that the request (a number with 19 zeros) well exceeded the amount of rice in his Kingdom. The story is designed to teach the folly of short sightedness, but it also shows the mathematical power of doubling. That power is the basis of Moore’s Law, which in 1965, claimed that computing power doubles every 18 months. Moore’s Law, established this week over 50 years ago, remains one of technology’s most significant and relevant trends.
How It Happened, April 19, 1965
Gordon E. Moore was a research and development engineer at Fairchild Semiconductor, an innovative company working to create a commercially-viable computer chip. In 1965 Moore was invited to write a feature in the magazine Electronics about a niche scientific area: the semiconductor components industry. Moore’s resulting article, “Cramming More Components onto Integrated Circuits,” outlined a simple prediction for the future of hardware manufacturing, with important implications for the technology and security industries. Moore’s now famous law claimed that computing power doubles every 18 months.
Exponential Growth
Moore was the first person to observe that the number of transistors on a computer chip tended to double every eighteen months, producing a line that corresponds to exponential growth. More complexity on computer chips means more processing power, more memory, and smaller devices. And, for the past 50+ years, Moore’s prediction has held true. Moore’s Law is a projection, though, not a physical or natural law – and the author himself never believed that his observations in the 60s would remain true indefinitely. In his article, Moore recognizes: “Over the longer term, the rate of increase is a bit more uncertain, although there is no reason to believe it will not remain nearly constant for at least 10 years.”
The efficacy of the Law has as much to do with economics as technology. At the time, competition between manufacturing companies motivated the rapid increase in processing capabilities, while driving the cost of computer chips down. Soon, Moore’s Law became an objective for growth, as companies viewed keeping pace with the Law as the industry standard. Other observers say that it became a self-fulfilling prophecy, because scientists and engineers pursued new innovations specifically to sustain the Law.
If the trends indicated in Moore’s Law are maintained, computing power per unit cost will increase by about 500% by 2020.
Why It Matters
The implications of Moore’s Law extend beyond the business of technology. Moore’s Law has now become intertwined with the conversation surrounding security because increased processing power can be used for malicious purposes, such as cracking cryptographic systems.
Before we explain the connection, here’s a little context: Security controls that use cryptography simply encrypt sensitive data with secret keys. Keys are simply a string of numbers which are usually very large, binary numbers. The greater the length of the key, the more secure the cryptographic system is.
But because keys are simply a string of numbers, they can, given enough time and resources, be guessed. The name for this guessing attack is called a brute force attack. Attackers simply attempt every possible combination for a key. And here is where’s Moore’s law comes in: Attackers need massive amounts of processing power to carry out a brute force attack to try all key combinations. The amount of time and resources that is required to perform a brute force attack is called the work factor. Moore’s Law means that attackers have access to machines with growing processing power, effectively reducing the work factor.
Security practitioners who are designing cryptographic systems are constantly thinking about the work factor (and, therefore, Moore’s Law). A security practitioner may choose a cryptographic control that can be cracked by modern computing in one year. Applying Moore’s Law, six years down the line, it will take attackers 23 days to crack the key with contemporary technology. This means practitioners must update the cryptographic systems periodically and ensure the most critical information is protected with long key lengths.
Why It Matters to You
Theories like Moore’s Law is content included in the CISSP exam. While it is conceptual, it has real implications for your organization’s security. That’s why the CISSP exam is more than an expensive piece of paper: It’s a signal to employers that you understand security principles and can apply them during your job.
At CyberVista we have two goals: Help you learn the material so you can pass the exam, and help you retain the information so you can apply what you learn. Learn more about CyberVista’s CISSP Training Course here.