Article <Rhl5xUdkLGpfTfY0lWWjQMhF6oCPkjTTCDXATLM7hAw=@writeable.com>

Deutsch English Français Italiano
<Rhl5xUdkLGpfTfY0lWWjQMhF6oCPkjTTCDXATLM7hAw=@writeable.com>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!2.eu.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: The Running Man <runningman@writeable.com>
Newsgroups: sci.crypt
Subject: Re: State of Post Quantum Cryptography?
Date: Wed, 8 May 2024 04:05:16 -0000 (UTC)
Organization: EasyNews
Lines: 17
Message-ID: <Rhl5xUdkLGpfTfY0lWWjQMhF6oCPkjTTCDXATLM7hAw=@writeable.com>
References: <v1ancg$2jieu$1@dont-email.me>
Injection-Date: Wed, 08 May 2024 06:05:16 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="80f5cb84063164f15d8a531b23146f59";
	logging-data="3945413"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19HGbSG+LOxYHs++CLdd0bJN5nrn2qU9Cg="
Cancel-Lock: sha1:PYs3hFcxCLi1z5aYIJn64EPULPY=
Bytes: 2309

On 06/05/2024 15:53 Jakob Bohm <jb-usenet@wisemo.invalid> wrote:
> On 2024-05-02 10:20, The Running Man wrote:
>> What is you guys take on PQC (Post Quantum Cryptography) algorithms? I know the NIST has held a contest and that there are winners, but do you guys think they're safe to use?
>>
>> I fear they may be broken in the future thereby destroying the security and privacy of millions of unsuspecting users. Current cryptographic algorithms are known to be safe and will be for at least the coming decades. OTOH these new PQC ciphers hold the promise of eternal confidentiality which current ciphers cannot guarantee.
> 
> If any bad actor has a quantum computer with just a few more Qubits
> than the ones demonstrated in public, they can break most current public
> key algorithms using known attack algorithms written a long time ago for
> such (then hypothetical) computers.  They can also break symmetric
> encryption at the same difficulty as if the key length was half as many
> bits (thus AES 128 would be as weak as IDEA, AES 256 as weak as AES
> 128).
> 

Define: "a few more qubits." I've read that maybe up to a million qubits are needed to compensate for the errors and noise to be able to break current asymmetric encryption algorithms. Symmetric algorithms aren't vulnerable in any case since quantum algorithms only halve the number of bits of security (i.e. 256 bits becomes 128 bits which cannot be broken).