Hasty Briefs

Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys

5 hours ago
  • #cryptography
  • #post-quantum-security
  • #quantum-computing
  • Quantum computers threaten asymmetric cryptography (ECDH, RSA, etc.) via Shor's algorithm, but not symmetric algorithms like AES and SHA.
  • A common misconception is that Grover's algorithm halves the security of symmetric keys, so 256-bit keys would be required. In reality, Grover's poor parallelization keeps AES-128 safe.
  • Grover's algorithm must run its iterations sequentially; splitting the search across many machines gives up part of the quadratic speedup, which makes attacks on 128-bit keys impractical (e.g., an attack that finishes in 10 years would need 140 trillion quantum circuits).
  • NIST confirms AES-128 is safe post-quantum and uses it as its Category 1 security benchmark; standards bodies such as BSI likewise endorse AES-128 without a key-size change.
  • Switching to 256-bit symmetric keys is unnecessary and diverts resources from urgent post-quantum transitions; well-designed protocols like TLS already ensure 128-bit security.
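
As an added illustration of the parallelization point above (this is not code from the summarized article), the script below models the cost of Grover's search when the key space is split across independent quantum circuits. The 10-year budget and the per-iteration times are assumed inputs for the demonstration, not the article's parameters.

```python
"""Cost model for running Grover's search against a k-bit symmetric key in parallel."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def grover_iterations(key_bits: int, machines: int = 1) -> float:
    """Sequential Grover iterations each of `machines` searchers must run.

    Each machine searches its own slice of N/machines keys; Grover finds the
    marked key in about (pi/4) * sqrt(slice) oracle queries, and those queries
    cannot be spread across machines: they must run one after another.
    """
    n = 2.0 ** key_bits
    return (math.pi / 4) * math.sqrt(n / machines)


def machines_needed(key_bits: int, years: float, seconds_per_iteration: float) -> float:
    """Independent quantum circuits needed so every slice finishes within the budget.

    Solves grover_iterations(key_bits, P) * t <= T for P, giving
    P = (pi/4)^2 * N / (T/t)^2: halving the wall-clock time quadruples the machines.
    """
    budget_iters = years * SECONDS_PER_YEAR / seconds_per_iteration
    n = 2.0 ** key_bits
    return (math.pi / 4) ** 2 * n / budget_iters ** 2


def effective_security_bits(key_bits: int, machines: int) -> float:
    """Total quantum work (machines * per-machine iterations), in bits.

    P * sqrt(N/P) = sqrt(N*P): parallelizing P ways costs sqrt(P) more total
    work than one searcher, so the 'key/2' rule of thumb only holds for P = 1.
    """
    total = machines * grover_iterations(key_bits, machines)
    return math.log2(total)


if __name__ == "__main__":
    # Assumed per-iteration times for one Grover step (AES oracle plus diffusion).
    for t in (1e-6, 1e-4, 1e-2):
        p = machines_needed(128, 10, t)
        print(f"iteration {t:.0e}s: {p:.3e} circuits for a 10-year AES-128 attack, "
              f"total work 2^{effective_security_bits(128, int(p)):.1f}")
```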