Quantum Computers Are Not a Threat to 128-bit Symmetric Keys
Posted by ScottContini@reddit | programming | View on Reddit | 18 comments
Posted by ScottContini@reddit | programming | View on Reddit | 18 comments
LiftingRecipient420@reddit
Quantum computers aren't a threat to symmetric encryption at all.
They're a threat to asymmetric encryption that is predicated upon the computational difficulty of prime factorization.
If Shors algorithm can't be applied, then quantum computers aren't a threat.
umtala@reddit
Quantum computers in a technical sense break all symmetric encryption because they can search faster than brute force via Grover's algorithm, if a classical computer could achieve the same reduction in security then the algorithm would be considered broken.
However this is counterbalanced by the fact that quantum computers do not require as high of a security level as classical computers in practice.
LiftingRecipient420@reddit
Nope. Not at all.
Tell us you didn't even read the article without actually saying it.
The article specifically talks about how Grover's algorithm does not speed up the breaking of symmetric keys, it specifically talks about how that's a common misconception.
umtala@reddit
You should read my comment first before replying. The definition of "broken" is that there is there is any speed up. It does not have to be meaningful.
ScottContini@reddit (OP)
The main contribution from this article is that it does not parallelise well. It is still a valid algorithm, but using x circuits does not result in a factor of x speedup.
goldrunout@reddit
In a strict information theoretical way, Grover's algorithm "breaks" symmetric encryption. However, from a practical point of view, a square root reduction in complexity isn't that bad. Just use longer keys and you are back at the same security as before.
Uberhipster@reddit
it can't in my experience. not with the current state-of-the-art concepts I have tried first hand. a quantum circuit needs to be set up/preset for each target number in order to perform Shors algorithm computation
ScottContini@reddit (OP)
Did you read the article before commenting? Are you familiar with Grover’s algorithm?
ArtOfWarfare@reddit
Is it not likely that other algorithms will be discovered, and that a main reason they haven’t been discovered yet is a combination of intelligence agencies would pay a lot for them (and so… they are discovered, but not public) and/or quantum computers aren’t “real” yet so there’s not much point in writing algorithms for them yet?
LiftingRecipient420@reddit
No, the quantum Fourier transform has a very very very limited set of problems it can be applied to.
Symmetric encryption isn't one of them.
Quantum computers aren't some magic bullet that can do whatever we dream of.
watduhdamhell@reddit
Yet. You can't make such hold predictions about a technology on the bleeding edge. Yes, it can't do anything and everything, and yes it's very limited right now. But there is a good reason to believe it's not so limited as it is right now. Physics says we should be able to do a lot with these guys, so it's really an engineering problem right now, and a lot of people are hard at work trying to solve it.
But sure. Right now, they aren't magic and can't do much, really.
AdarTan@reddit
You are conflating the capabilities (qbit counts) of quantum computers with the actual quantum algorithms that can make use of those capabilities to solve problems. The two are almost completely unrelated.
The two big algorithms discussed in the article (Shor's and Grover's) were invented in the 90's, before even the most rudimentary 2-qbit quantum computers were demonstrated.
Ravek@reddit
Quantum computers are just a different computation model dude. Which people have already been analyzing mathematically, as you can see in this very post and the algorithms it references. Stop doing this embarrassing magical thinking.
Upbeat-Employment-62@reddit
The threat model people actually should be worried about is asymmetric — Shor's algorithm wrecks RSA and ECC. Grover's on symmetric just halves the keyspace which is why AES-256 exists. Headline is technically correct but kinda misses the point of why post-quantum crypto is being pushed right now.
Successful-Money4995@reddit
Tldr: Grover's algorithm on a quantum computer makes O(n) cracking a password take O(sqrt(n)) time. But using M quantum computers in parallel only makes it sqrt(M) times faster instead of M times faster.
mentalisttraceur@reddit
Great accessible write-up explaining why quantum hasn't meaningfully weakened symmetric encryption, despite Grover's algorithm.
ohell@reddit
Not a threat to one time pads either ...
satansprinter@reddit
Add the word yet and it might be correct