While the quantum technology ecosystem waits for the National Institute of Standards and Technology to issue a list of post-quantum cryptography (PQC) algorithm standards, Tim Barnett, chief information officer at Bluefin, a payment security technology company, has offered a gentle reminder that the existing Advanced Encryption Standard-256 (AES-256) is still considered to be “quantum-resistant.”
“AES-256 specifically is believed to be quantum-resistant,” he told IQT News via email recently. “According to Grover’s Algorithm, a brute-force attack time can be reduced to its square root. But if this time is still sufficiently large, it becomes impractical to use as an attack vector. For AES-128 this is 2^64 (not safe enough), but AES-256 is 2^128 which yields too many brute force iterations. Hence, it is considered post-quantum computing resistant.”
A 2019 Kryptera research paper estimated that a quantum computer with more than 6,600 logical, error-corrected qubits would be required to break AES-256 encryption. That number of logical qubits would in turn require a quantum computing system of millions of physical qubits. Quantum computers are getting bigger, and quickly, but that threshold remains far off.
AES-256 is the larger-block-size sibling of the more commonly used AES-128 encryption standard. It is a symmetric encryption scheme, meaning it uses a single secret key that both parties must protect, whereas asymmetric schemes such as RSA (Rivest–Shamir–Adleman, named for its creators) use a public key that anyone can use to encrypt, paired with a private key that only its holder uses to decrypt.
According to Bluefin, adoption of AES-256 has been relatively slow even at a time when cybersecurity attacks continue to increase in frequency and variation, and as quantum computers are emerging as a potential threat. But the company believes the practicality and resource-efficiency of AES-256 will offer value for years to come.
“The AES algorithm supports key sizes of 128, 192, and 256,” Barnett said, adding that it is “extremely fast, offers very strong data protection, and does not require a lot of memory or CPU to encrypt the data it is protecting.”
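The following is an added example in Go, written for this page; it is not code from Bluefin or from the article. It shows the two points the quotes above make in running code: Go's standard library selects AES-128, AES-192 or AES-256 purely from the key length (16, 24 or 32 bytes) and rejects anything else, and `ProfileKey` tabulates the Grover halving from the earlier quote (2^64 for AES-128, 2^128 for AES-256). One caveat worth keeping in mind: the 128/192/256 figures are key sizes, while the AES block is 128 bits for all three, which the profile records explicitly. The `Seal`/`Open` round trip uses AES-GCM, an assumed choice of authenticated mode that the article does not name; the function and type names and the sample plaintext are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyProfile summarises what one AES key length buys you. The block size is
// a property of the cipher, not of the key, so it is 128 bits in every row.
type KeyProfile struct {
	KeyBits       int // 128, 192 or 256
	BlockBits     int // always 128 for AES
	ClassicalBits int // exponent of a classical brute-force search: 2^KeyBits
	GroverBits    int // exponent after Grover's square-root speed-up: 2^(KeyBits/2)
}

// ProfileKey returns the profile for a key of keyLen bytes, or an
// aes.KeySizeError for lengths AES does not define (e.g. 20 bytes).
func ProfileKey(keyLen int) (KeyProfile, error) {
	switch keyLen {
	case 16, 24, 32:
	default:
		return KeyProfile{}, aes.KeySizeError(keyLen)
	}
	bits := keyLen * 8
	return KeyProfile{
		KeyBits:       bits,
		BlockBits:     aes.BlockSize * 8,
		ClassicalBits: bits,
		GroverBits:    bits / 2,
	}, nil
}

// Seal encrypts plaintext with AES-GCM under key and returns nonce || ciphertext || tag.
// aes.NewCipher picks AES-128/192/256 from len(key) alone and errors on other lengths.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce passed as dst.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; any change to nonce, ciphertext or tag fails authentication.
func Open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed message shorter than nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	// 20 bytes is included deliberately to show the unsupported-length path.
	for _, n := range []int{16, 24, 32, 20} {
		p, err := ProfileKey(n)
		if err != nil {
			fmt.Printf("%2d-byte key: %v\n", n, err)
			continue
		}
		fmt.Printf("AES-%d: block %d bits, classical 2^%d, Grover 2^%d\n",
			p.KeyBits, p.BlockBits, p.ClassicalBits, p.GroverBits)
	}

	// Constructed demo: a fresh random 32-byte key selects AES-256.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, err := Seal(key, []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, sealed)
	fmt.Printf("round trip: %q err=%v\n", pt, err)
}
```

The profile table makes the quote's arithmetic visible next to the cipher that enforces it: the same `aes.NewCipher` call that refuses a 20-byte key is what guarantees a 32-byte key really is AES-256, so a deployment check can assert on `len(key)` rather than on a configuration string.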
Barnett acknowledged that the arrival of NIST PQC algorithms could add complexity to the marketplace as companies try to figure out how to move on from older encryption algorithms.
“The entire art of cryptography is terribly complex already,” he said. “Domain expertise in applied cryptography is a unique skill set likely not understood by most people. But the important part is coming up with PQC solutions that can be standardized and applied commercially.”
He added, “There will likely be numerous methods adopted as part of NIST-approved standards. Some methods will be adopted industry-wide as commercial standards. And these standards will materialize in web browsers, web servers, encryption appliances, and point-to-point encryption protocols. Companies should adopt these new standards, and their commercial availability as soon as possible. It is only a matter of time until quantum computing is here, and businesses and their infosec teams should plan accordingly.”