{"id":322564,"date":"2026-04-22T05:15:07","date_gmt":"2026-04-21T23:45:07","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=322564"},"modified":"2026-04-22T05:15:07","modified_gmt":"2026-04-21T23:45:07","slug":"contrary-to-popular-superstition-aes-128-is-just-high-quality-in-a-post-quantum-world","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/04\/22\/contrary-to-popular-superstition-aes-128-is-just-high-quality-in-a-post-quantum-world\/","title":{"rendered":"Contrary to popular superstition, AES 128 is just high quality in a post-quantum world"},"content":{"rendered":"<div>\n<p>On Monday, Valsorda finally channeled years\u2019 price of frustration, fueled by the widely held misunderstanding, right into a <a href=\"https:\/\/words.filippo.io\/128-bits\/\">blog post<\/a> titled \u201cQuantum Computers Are Not a Threat to 128-bit Symmetric Keys.\u201d<\/p>\n<p>\u201cThere\u2019s a standard misconception that quantum computers will \u2018halve\u2019 the safety of symmetric keys, requiring 256-bit keys for 128 bits of security,\u201d he wrote. \u201cThat isn&#8217;t an accurate interpretation of the speedup offered by quantum algorithms, it\u2019s not reflected in any compliance mandate, and risks diverting energy and a spotlight from actually crucial post-quantum transition work.\u201d<\/p>\n<p>That\u2019s the simple a part of the argument. The much harder part is the maths and physics that designate it. At its highest level, it comes all the way down to a fundamental difference in the best way a brute-force search works on classical computers versus the best way it really works using Grover\u2019s algorithm. Classical computers can perform multiple searches concurrently, a capability that enables large tasks to be broken into smaller pieces to finish the general job faster. Grover\u2019s algorithm, in contrast, requires a long-running serial computation, where each search is completed separately.<\/p>\n<p>\u201cWhat makes Grover special is that as you parallelize it, its advantage over non-quantum algorithms gets smaller,\u201d Valsorda said in an interview. He continued:<\/p>\n<blockquote>\n<p>Imagine it with small numbers, let\u2019s say there are 256 possible mixtures to a lock, A traditional attack would take 256 tries. You choose it\u2019s too long, so that you get three friends and also you each do 64 tries. \u201cThat\u2019s the classical parallelization. With Grover you would in theory do \u221a256)=16 tries in a row, but when that\u2019s still too long and also you again search for help from three friends. Each has to do \u221a256\/4)=8 tries.<\/p>\n<p>So in total you do 8*4=32 tries, which is greater than the 16 you&#8217;d have done alone! Asking for help to parallelize the attack made the attack slower overall. Which isn&#8217;t the case for classical attacks.<\/p>\n<p>After all the numbers are way larger, but when we apply any reasonable constraint on the attacker (like having to complete a run in 10 years), the full work becomes so rather more than 2<sup>64<\/sup>.<\/p>\n<p>Also, 2<sup>64<\/sup> was never the correct number, because that pretends you&#8217;ll be able to do AES as a single operation on a single qubit. That is somewhat orthogonal. The mix of those two observations turn the actual cost into 2<sup>104<\/sup> give or take, which is well beyond the edge for security.<\/p>\n<\/blockquote>\n<p>Sophie Schmieg, a senior cryptography engineer at Google, explained it this fashion:<\/p>\n<\/p><\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Monday, Valsorda finally channeled years\u2019 price of frustration, fueled by the widely held misunderstanding, right into a blog post titled \u201cQuantum Computers Are Not a Threat to 128-bit Symmetric Keys.\u201d \u201cThere\u2019s a standard misconception that quantum computers will \u2018halve\u2019 the safety of symmetric keys, requiring 256-bit keys for 128 bits of security,\u201d he wrote. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":322565,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[50886,50885,3189,1321,50887,29782,813],"class_list":["post-322564","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-aes","tag-contrary","tag-fine","tag-popular","tag-postquantum","tag-superstition","tag-world"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/322564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=322564"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/322564\/revisions"}],"predecessor-version":[{"id":322567,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/322564\/revisions\/322567"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/322565"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=322564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=322564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=322564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}