Quantum Computing Poses No Threat to 128-Bit Symmetric Keys; 'Post-Quantum Cryptography' Misunderstood

Summary: Cryptographer Filippo Valsorda argues that quantum computers will not break 128-bit symmetric keys in the foreseeable future. Grover's algorithm cannot be parallelized efficiently, so the often-quoted "64 bits of security" does not reflect the real cost of an attack; AES-128 remains secure, and upgrading symmetric key lengths is unnecessary. NIST and BSI hold the same position. The urgent post-quantum work is replacing vulnerable asymmetric algorithms such as RSA and ECDSA.

BlockBeats report: On April 21, cryptographer Filippo Valsorda argued in an article that even under the most optimistic development scenarios, real-world quantum computers will not be able to break 128-bit symmetric encryption in the foreseeable future, and that the concern about symmetric key lengths in the "post-quantum cryptography" debate rests on a misreading of what Grover's algorithm can do in practice. In the piece, "Quantum Computers Do Not Pose a Threat to 128-Bit Symmetric Keys," he states that quantum computers present no practical threat to 128-bit symmetric keys such as AES-128, and that the industry does not need to upgrade key lengths for this reason.


Valsorda points out that many people assume Grover's algorithm "halves" the effective security of a symmetric key, reducing a 128-bit key to only 64 bits of security. That figure describes a single idealized quantum computer running roughly 2⁶⁴ Grover iterations strictly one after another; it is not a realistic attack cost. The main limitation is that Grover's algorithm does not parallelize well: its iterations must run sequentially, and splitting the search across many machines to finish within a practical time raises the total computational cost sharply (p machines working in parallel finish only about √p times sooner, not p times). Even on an idealized quantum computer, he puts the total effort required to recover an AES-128 key at roughly 2¹⁰⁴·⁵ operations, billions of times more than the cost of breaking today's asymmetric algorithms, which Shor's algorithm does break outright; the symmetric attack is therefore entirely impractical.

Standardization bodies such as the U.S. NIST and Germany's BSI, together with quantum cryptography experts, state that algorithms like AES-128 are sufficient against known quantum attacks and use AES-128 as the baseline for post-quantum security levels: NIST's lowest post-quantum security category is defined by the cost of brute-forcing an AES-128 key. NIST advises directly in its official Q&A: "Do not double AES key lengths to counter the quantum threat."
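The parallelization argument above is easiest to see with numbers. The following is an added example, not code from Valsorda's article or from NIST: a simplified cost model in which a single machine needs about √N Grover iterations to search N = 2^key_bits keys, and p machines searching disjoint ranges each need √(N/p), so total work is √(p·N). The π/4 constant and the gate cost of one iteration (a full AES evaluation in superposition) are ignored, which favours the attacker. The depth budgets 2^40, 2^64 and 2^96 are assumed here for illustration; they are the MAXDEPTH values NIST's PQC evaluation criteria use for roughly a year, a decade and a millennium of serially executed quantum gates, and treating them as iteration budgets again favours the attacker.

```python
"""Cost of a Grover key search under a wall-clock (circuit-depth) budget.

Constructed example (not from Valsorda's article).  Simplified model:
  * N = 2^key_bits candidate keys.
  * One machine needs ~sqrt(N) sequential Grover iterations (pi/4 constant
    and the per-iteration gate count of AES-in-superposition are ignored).
  * p machines searching disjoint ranges each need sqrt(N/p) iterations,
    so total work is p * sqrt(N/p) = sqrt(p * N): a factor p in hardware
    buys only a sqrt(p) speed-up.
All quantities are returned as log2 values.
"""


def sequential_grover_log2(key_bits: int) -> float:
    """Iterations for a single machine: sqrt(N), i.e. key_bits / 2."""
    return key_bits / 2


def classical_search_log2(key_bits: int) -> float:
    """Classical brute force: N trials in total, however many machines share them."""
    return float(key_bits)


def parallel_grover_log2(key_bits: int, depth_budget_log2: float) -> dict:
    """Grover search that must finish within D = 2^depth_budget_log2 sequential iterations.

    Each machine runs D iterations and covers D^2 keys, so p = N / D^2 machines
    are needed and total work is p * D = N / D.  If D already reaches sqrt(N),
    one machine suffices and the total stays at sqrt(N).
    """
    n = float(key_bits)
    d = float(depth_budget_log2)
    if d >= n / 2:
        machines_log2, total_log2 = 0.0, n / 2
    else:
        machines_log2, total_log2 = n - 2 * d, n - d
    return {
        "key_bits": key_bits,
        "depth_budget_log2": d,
        "machines_log2": machines_log2,
        "total_work_log2": total_log2,
        # How many bits the attack actually saves over classical brute force;
        # the naive "halving" claim would put this at key_bits / 2.
        "bits_saved_vs_classical": n - total_log2,
    }


def sequential_years(key_bits: int, iterations_per_second: float) -> float:
    """Wall-clock years for one machine to run sqrt(N) iterations at the given rate."""
    seconds = 2 ** sequential_grover_log2(key_bits) / iterations_per_second
    return seconds / (365.25 * 86400)


# Assumed depth budgets (log2 iterations): NIST's MAXDEPTH values of 2^40,
# 2^64 and 2^96 gates for about a year, a decade and a millennium of serial
# quantum computation.  MAXDEPTH counts gates, and one Grover iteration is
# thousands of gates, so using them as iteration budgets is generous.
DEPTH_BUDGETS_LOG2 = (40, 64, 96)


def cost_table(key_bits: int) -> list:
    """One row per assumed depth budget for the given key size."""
    return [parallel_grover_log2(key_bits, d) for d in DEPTH_BUDGETS_LOG2]


if __name__ == "__main__":
    for bits in (128, 256):
        print(f"AES-{bits}: classical 2^{classical_search_log2(bits):.0f} trials, "
              f"naive Grover 2^{sequential_grover_log2(bits):.0f} sequential iterations")
        for row in cost_table(bits):
            print(f"  depth budget 2^{row['depth_budget_log2']:.0f}: "
                  f"2^{row['machines_log2']:.0f} machines, "
                  f"total work 2^{row['total_work_log2']:.0f}")
    # Even the 'halved' figure is out of reach for a single machine:
    print(f"One machine at 1e9 iterations/s on AES-128: "
          f"{sequential_years(128, 1e9):,.0f} years")
```

Under a one-year depth budget (2^40) the AES-128 search needs about 2^48 machines and 2^88 total iterations, each of them a full AES circuit; the 2^64 figure is reached only if a single machine can run 2^64 iterations back to back, which at a billion iterations per second still takes roughly 585 years. The model is deliberately optimistic for the attacker and still lands far above anything that can be built.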


Valsorda's conclusion is that the only urgent task in the current post-quantum migration is replacing the vulnerable asymmetric algorithms, such as RSA and ECDSA, which Shor's algorithm breaks outright. Spending limited resources on upgrading symmetric keys, for example moving from 128-bit to 256-bit, is unnecessary, distracts from the critical priorities, and adds system complexity and coordination cost; the effort should go entirely to the components that actually need replacing.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.