Quantum computing is going to revolutionize several industries, including cybersecurity. Quantum computers have raised many questions about their ability to break AES-256 encryption (the global standard for keeping sensitive information secure). While quantum computers will certainly create new cryptographic vulnerabilities, the answer is far more nuanced than many headlines suggest.
What is the AES-256 Encryption Standard?
AES-256 is a symmetric encryption algorithm (AES used with a 256-bit key) that is widely used to protect sensitive data in transit for governments, banks, and cloud service providers. Because its keyspace is so large (2^256 possible keys), no brute-force attack, even at billions of attempts per second, could be expected to break AES-256: the time required would far exceed the age of the universe.
How Quantum Computing Changes Cryptography
Quantum computation transforms cryptography. A classical computer stores data as bits that are either 0 or 1; a quantum computer uses quantum bits (qubits). Through superposition, a qubit can exist in a combination of both 0 and 1, which lets a quantum system solve certain classes of problems much faster than a classical one.
The risk to commercial encryption does not come solely from the raw computing performance of quantum computers, but from quantum algorithms specifically designed to exploit weaknesses in conventional encryption.
Encryption and Quantum Algorithms
The two major types of quantum algorithms that apply to modern cryptography are:
- Shor's Algorithm, which can efficiently factor very large numbers (and solve the related discrete-logarithm problem). As a result, it would allow an attacker to completely defeat public-key schemes such as RSA and elliptic curve cryptography. However, AES-256 is a symmetric algorithm and is therefore not vulnerable to Shor's algorithm.
- Grover's Algorithm is the most significant threat to AES-256, since it speeds up brute-force search quadratically: a key that would take roughly 2^n guesses classically can be found with about 2^(n/2) quantum iterations, effectively halving the security level of symmetric encryption.
Can AES-256 be compromised using Quantum Computers?
Grover's algorithm thus effectively halves the key strength of symmetric encryption algorithms, so AES-256 offers an effective key strength of approximately 128 bits against a quantum adversary. While this is a reduction, 128 bits of security is still a massive margin, and for the foreseeable future quantum computers will not be able to break it.
For a quantum computer to break AES-256 with Grover's algorithm, it would need millions of stable, error-corrected qubits and the ability to run a vast number of qubit operations. Current-generation quantum computers are nowhere near this level of performance (i.e., they have thousands of very noisy qubits and cannot run long fault-tolerant quantum algorithms).
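The arithmetic behind the two claims above (the 2^256 keyspace of AES-256 and the halving of the security level under Grover's algorithm), worked through as an added example that is not part of the original article. The guessing rate of 10^9 trials per second and the 1.38 × 10^10-year age of the universe are assumptions chosen for illustration; the Grover figures count oracle iterations only, which is a best case for the attacker, since each iteration evaluates the whole cipher inside a fault-tolerant quantum circuit and the iterations cannot be parallelised the way classical guesses can.

```python
# Added example (not from the original article): security margin of a symmetric
# key against classical brute force and against Grover's algorithm.
# Rates and the age-of-universe figure are assumptions for illustration.
from decimal import Decimal, getcontext

getcontext().prec = 60

SECONDS_PER_YEAR = Decimal("31557600")        # 365.25 days
AGE_OF_UNIVERSE_YEARS = Decimal("1.38e10")    # commonly cited estimate (assumption)


def keyspace(bits: int) -> int:
    """Number of distinct keys for a key of `bits` bits (2^bits)."""
    return 1 << bits


def classical_expected_trials(bits: int) -> int:
    """Expected classical brute-force guesses: on average half the keyspace."""
    return 1 << (bits - 1)


def grover_iterations(bits: int) -> int:
    """Grover's search needs about sqrt(2^bits) = 2^(bits/2) oracle iterations.
    Sequential and each one costs a full cipher evaluation, so this figure
    is optimistic for the attacker."""
    return 1 << (bits // 2)


def effective_bits(bits: int, quantum: bool) -> int:
    """Security level in bits: unchanged classically, halved under Grover."""
    return bits // 2 if quantum else bits


def years_to_break(bits: int, trials_per_second: int, quantum: bool) -> Decimal:
    """Years to finish the search at a constructed rate (assumption)."""
    trials = grover_iterations(bits) if quantum else classical_expected_trials(bits)
    return Decimal(trials) / Decimal(trials_per_second) / SECONDS_PER_YEAR


def universe_ages(bits: int, trials_per_second: int, quantum: bool) -> Decimal:
    """Same figure expressed in multiples of the age of the universe."""
    return years_to_break(bits, trials_per_second, quantum) / AGE_OF_UNIVERSE_YEARS


def margin_table(rate: int = 10**9) -> dict:
    """Summarise AES-128/192/256 against a classical and a Grover attacker."""
    table = {}
    for bits in (128, 192, 256):
        table[bits] = {
            "classical_bits": effective_bits(bits, False),
            "grover_bits": effective_bits(bits, True),
            "classical_universe_ages": universe_ages(bits, rate, False),
            "grover_universe_ages": universe_ages(bits, rate, True),
        }
    return table


if __name__ == "__main__":
    for bits, row in margin_table().items():
        print(f"AES-{bits}: classical {row['classical_bits']}-bit, "
              f"Grover {row['grover_bits']}-bit, "
              f"classical {row['classical_universe_ages']:.2e} universe ages, "
              f"Grover {row['grover_universe_ages']:.2e} universe ages")
```

Running the table shows why the article draws the line where it does: at 10^9 guesses per second, AES-128 under Grover (64 effective bits) falls within a few centuries of sequential iterations, whereas AES-256 under Grover (128 effective bits) still needs many trillions of universe ages.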
Therefore, as things stand, no quantum computer can currently break AES-256, and it is expected that it will be secure for many years to come.
The risk of attackers harvesting encrypted data today, then storing it until the time when they have powerful enough quantum computers to decrypt it, is an issue of concern. This is especially true for long-term sensitive data such as government records, health records, and intellectual property.
As a result of this fear, organizations are moving towards post-quantum cryptography as a method of ensuring their systems are protected going forward.
Is AES-256 Quantum Proof?
Though many experts believe AES-256 to be quantum-resistant, some believe it is not entirely quantum-proof. Still, even under quantum attacks, the effective security level of AES-256 remains extremely high. When coupled with secure key management and quantum-safe key exchange methods, AES-256 should continue to be at the forefront of secure systems going into the quantum age.
Conclusion
Quantum computing does create challenges for the foundations of encryption, including AES-256; however, it is highly unlikely that AES-256 is about to be broken by quantum attacks. Although quantum algorithms reduce its theoretical security margin, AES-256 remains one of the strongest encryption standards available and should be retained. The more urgent task is replacing public-key systems, which are susceptible to quantum attacks, rather than replacing AES-256.
Razia Ahsan

