I think we need to go one step further than encryption.
We need to encrypt all communications expensively. Make algorithms which can be tuned to be arbitrarily expensive, computation-wise. Tune them so that it takes as much time as we can bear to encrypt and decrypt an email. Seconds, ideally.
The goal is to make it so that some large fraction of our computational resources are taken up encrypting and decrypting communications. Say, 10 or 20%. For everyday uses this will just show up as emails being slow to open, since most people's computers are idle most of the time. But if your goal is to intercept and process all communications, all of the time, you can't do it without having an absurd level of computational resources at your disposal, even if you have all of the secret keys. Ten or twenty Googles' worth of data centers.
If this was done properly, it would kill (free) webmail search. It wouldn't prevent targeted snooping, except insomuch as normal encryption does, but it could make pervasive snooping too expensive to be feasible.
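The tunable-cost idea proposed above, sketched as an added example (not code from the thread): each message gets its own key, derived with memory-hard scrypt at a cost chosen by calibration, so opening any one message costs the same work even for someone who already holds the secret. The function names, the blob layout and the SHAKE-256 keystream (a standard-library stand-in for a real AEAD) are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import time

R, P = 8, 1  # scrypt block size and parallelism (common defaults)

def stretch(secret: bytes, salt: bytes, log2_n: int) -> bytes:
    """Memory-hard key derivation; each +1 of log2_n doubles time and RAM."""
    n = 1 << log2_n
    return hashlib.scrypt(secret, salt=salt, n=n, r=R, p=P,
                          maxmem=256 * n * R + (1 << 20), dklen=64)

def calibrate(target_seconds: float, lo: int = 10, hi: int = 18) -> int:
    """Smallest log2_n in [lo, hi] whose derivation takes >= target_seconds here."""
    for log2_n in range(lo, hi + 1):
        start = time.perf_counter()
        stretch(b"calibration", b"\x00" * 16, log2_n)
        if time.perf_counter() - start >= target_seconds:
            return log2_n
    return hi

def seal(secret: bytes, message: bytes, log2_n: int) -> bytes:
    """Encrypt-then-MAC under a per-message key that costs 2**log2_n to derive."""
    salt = os.urandom(16)
    key = stretch(secret, salt, log2_n)
    enc_key, mac_key = key[:32], key[32:]
    # Stand-in stream cipher from the standard library; use a real AEAD in practice.
    stream = hashlib.shake_256(enc_key).digest(len(message))
    body = bytes(a ^ b for a, b in zip(message, stream))
    header = bytes([log2_n]) + salt
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + tag + body

def open_sealed(secret: bytes, blob: bytes, max_log2_n: int = 18) -> bytes:
    """Pay the derivation cost, verify the tag, then decrypt."""
    log2_n, salt, tag, body = blob[0], blob[1:17], blob[17:49], blob[49:]
    if not 10 <= log2_n <= max_log2_n:  # sender-chosen cost is untrusted input
        raise ValueError("work factor out of accepted range")
    key = stretch(secret, salt, log2_n)
    expected = hmac.new(key[32:], blob[:17] + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = hashlib.shake_256(key[:32]).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))
```

The recipient-side cap on `log2_n` matters because the work factor travels in the message: without it, anyone can make a recipient burn arbitrary CPU and memory on a forged blob before the tag check fails.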
Historically speaking, the US Government is pretty damn good at winning wars of attrition. Don't think you're going to find any amount of money that Congress won't happily hand to the military-industrial complex. They'll spend whatever it takes.
One estimate I found was that there were 150 million iPhone 5's shipped in the first year, and each one was about 25 GFlops. If 1% of that CPU was spent encrypting & decrypting communications to and from the iPhones, that is about 37,500 TFlops, which is just over the Rmax listed for the top supercomputer, Tianhe-2. Some numbers for the cost of that supercomputer are around $100 million, but the estimated cost for the Xeon Phis alone could be as high as $250 million. Giving the defenders the advantage, let's round up to $1 billion.
So the NSA needs to spend $1 billion per year to counteract the top smartphone in the world. Their budget is estimated to be as high as $10 billion / year, so they could do it. But how much of the total pie are iPhone 5's? I think to be competitive we need to push the cost to the NSA up towards $30 or $100 billion per year. $1 billion is trivial, $10 billion Congress will swallow and move on. They still fund NASA to the tune of $16 billion, and no one in Congress even cares about NASA anymore. But $100 billion per year, then you're talking real money.
So what fraction of total personal computer sales are iPhone 5's? If they're 10%, we'll be hard-pressed to keep the NSA out of the game. If they're 1% of personal computer sales, I think we have a chance of keeping ahead of them.
Current estimated total cost for just one of many fighter jet programs (F-35 joint strike fighter): $397 billion. That's when we're barely making noise about something that unequivocally provides no national security benefit unless we're planning on aerial dogfighting like it's WWI. There are dozens of similarly useless or near-useless defense spending programs, like the tanks the Army keeps saying it doesn't want.
That's $397 billion over many years; I am suggesting a target of $100 billion per year.
That's not to say we couldn't or wouldn't spend in excess of $100 billion per year on a boondoggle. We've done it before and we'll do it again. But I think $100 billion is the point at which money even becomes an issue. $1 or $10 billion and there's barely a point in trying.
Buying two to three years will be enough in the average case.
Targeted individual surveillance will likely always be possible (not just because of encryption, but because of the $5 wrench, trojans and so on). What we need is to make global, indiscriminate and realtime surveillance computationally unfeasible.
Three years from now, most commercially-sensitive, politically-embarrassing, or otherwise-newsworthy material will likely be obsolete.
I spoke imprecisely... I mean as far as spending. People had to die to continue fighting in Vietnam, Korea, Iraq, and Afghanistan; we determined that the death toll wasn't worth it. To break crypto, we have to fund STEM research, buy hardware, and create good middle-class jobs. Good luck creating a public outcry over that.
We're not winning the war on drugs, but there is no indication of giving up on it at the federal level. Law enforcement spending is not slowing down.
I was thinking more of the USSR. There didn't seem to be any amount of money we weren't willing to spend. Lives, yes, but not money.
> Historically speaking, the US Government is pretty damn good at winning wars of attrition.
Unless you are speaking in some kind of figurative sense where I'm missing the metaphor, this isn't really true. The few real wars of attrition where the US has been on the winning side (WWI comes to mind) it "won" by joining late when the other side (as well as its allies) had already suffered considerable attrition. But even in those circumstances, its record in wars of attrition isn't that great (the US portion of the extended colonial conflict in Indochina comes to mind.)
Breaking cryptography doesn't require sending people's children to die, giving people PTSD, or otherwise angering a significant portion of the US population. If anything, it creates good middle-class jobs.
Imagine how much computing power the US fighter jet program's budget could buy.
If you hold assets in US dollars, or generally speaking use commodities and have a currency bound to the dollar in any way, they're consuming your wealth to keep up with that arbitrary increase of cost on computation. That means, you can never outlast them or win a war of attrition. They have your bank account via deficit financing (or taxes optionally). The only reason we have such a massive military + intelligence system to begin with is they can use inflationary means for financing it all (aka steal your purchasing power).
There's only one successful way to fight this: change the culture and change the politics.
Technical approaches are fine for shielding you today. At the rate the police state is accelerating, it's very unlikely to shield you tomorrow, as they're going to outlaw the means of shielding. They will not allow an arms race, they'll use their legal powers to shut it down, and make you a criminal.
"There's only one successful way to fight this: change the culture and change the politics."
Not going to happen short of a mass global natural disaster or mass military takeover changing the stakes. There's too much power concentrated at the top and no good reason for the people there to surrender any of it. If the masses get too persistent, they will "cull" the masses through whatever means...
This seems like a legitimate use case for an FPGA in every PC. Implement a set of expensive algorithms in Verilog, put it up on Github and set up some slick distribution mechanism that updates the logic when needed without bothering non-technical users with it. This would prevent the crypto from using up too much general purpose processing resources, cause it to be acceptably fast and provide a mechanism for updating the algorithms when flaws are found or new algorithms are introduced.
Downside is that it would probably take up to a decade to actually be adopted by the majority of PC users, but then again, the majority of PC users will probably not care too much.
> set up some slick distribution mechanism that updates the logic when needed without bothering non-technical users with it.
You'll need to make sure that those responsible for signing the updates are resistant to coercion. The best bet there is probably a moderately large number of somewhat anonymous signers. Have a large and diverse pool of signers and require every update to have some portion of the signers sign off on it before the releases are accepted. With any luck if doors start getting kicked in and signers start getting hit with wrenches, at least one of them will be able to warn the public.
And NSA will just have to buy one of these for each PC sold. And when buying in such bulk the devices will be times cheaper than what comes to the user.
And for 4 billion USD they could create their own foundry. And then costs begin to plummet once again.
I agree this is a good idea but I think using the words "encrypt" and "decrypt" confuses the goal a little bit as this idea is still useful even if the messages aren't required to be confidential from anyone. I think "encapsule" and "release" describe it better. These operations can be used in combination with encrypt and decrypt if encryption is needed.
That's sort of an interesting idea. Of course without the key it's always absurdly difficult to decrypt...but if we're worried about them intercepting keys, this could make life harder for them.
The purpose of the hashing work in bitcoin is to solve the Two Generals Problem. The purpose of widespread expensive encryption of emails is to make routine decryption impractical. Two different problems, which don't have much in common besides having a solution involving computers doing work.