| ▲ | blintz 7 days ago | |
It’s symmetric keys, so quantum doesn’t matter. | ||
| ▲ | FergusArgyll 6 days ago | parent [-] | |
<pedantry> "On the other hand, symmetric algorithms such as AES are believed to be immune to Shor. In most cases, the best-known quantum key recovery attack uses Grover’s algorithm which provides a generic square-root speed-up over classical exhaustion in terms of the number of queries to the symmetric algorithm. In other words, Grover would recover the 256-bit key for AES-256 with around 2^128 quantum queries to AES compared to around 2^256 classical queries for exhaustion. " - https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-stand... </pedantry> the paper itself concludes "the practical security impact of Grover with existing techniques on plausible near-term quantum hardware is limited." | ||